Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Affected Software
Related
{"id": "CVE-2020-2895", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-2895", "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "published": "2020-04-15T14:15:00", "modified": "2021-12-30T21:31:00", "epss": [{"cve": "CVE-2020-2895", "epss": 0.00087, "percentile": 0.36035, "modified": "2023-06-06"}], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.0}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.2, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2895", "reporter": "secalert_us@oracle.com", "references": ["https://www.oracle.com/security-alerts/cpuapr2020.html", "https://security.netapp.com/advisory/ntap-20200416-0003/", "https://usn.ubuntu.com/4350-1/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/", "https://security.gentoo.org/glsa/202105-27"], "cvelist": ["CVE-2020-2895"], "immutableFields": [], "lastseen": "2023-06-06T14:45:24", "viewCount": 77, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:3732"]}, {"type": "fedora", "idList": ["FEDORA:56E9E608ECFD", "FEDORA:DCA0F6051CEF", "FEDORA:E0D0C605DCCC"]}, {"type": "freebsd", "idList": ["21D59EA3-8559-11EA-A5E2-D4C9EF517024"]}, {"type": "gentoo", "idList": ["GLSA-202105-27"]}, {"type": "ibm", "idList": ["A1A0398B401BEF610025984C15ACCDF1EDCBAE78A78A09063FD3B2A4DE512BFD"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2020-3732.NASL", "FEDORA_2020-20AC7C92A1.NASL", "FEDORA_2020-261C9DDD7C.NASL", "FREEBSD_PKG_21D59EA3855911EAA5E2D4C9EF517024.NASL", "GENTOO_GLSA-202105-27.NASL", "MYSQL_8_0_20.NASL", "ORACLELINUX_ELSA-2020-3732.NASL", "PHOTONOS_PHSA-2020-3_0-0082_MYSQL.NASL", "REDHAT-RHSA-2020-3518.NASL", "REDHAT-RHSA-2020-3732.NASL", "REDHAT-RHSA-2020-3755.NASL", "REDHAT-RHSA-2020-3757.NASL", "UBUNTU_USN-4350-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143732", "OPENVAS:1361412562310143733", "OPENVAS:1361412562310844418", "OPENVAS:1361412562310877794", "OPENVAS:1361412562310877808", "OPENVAS:1361412562310877819"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3732"]}, {"type": "photon", "idList": ["PHSA-2020-0082", "PHSA-2020-3.0-0082"]}, {"type": "redhat", "idList": ["RHSA-2020:3518", "RHSA-2020:3732", "RHSA-2020:3755", "RHSA-2020:3757"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-2895"]}, {"type": "rocky", "idList": ["RLSA-2020:3732"]}, {"type": "ubuntu", "idList": ["USN-4350-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-2895"]}, {"type": "veracode", "idList": ["VERACODE:26416"]}]}, "score": {"value": 2.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:3732"]}, {"type": "fedora", "idList": ["FEDORA:56E9E608ECFD", "FEDORA:DCA0F6051CEF", "FEDORA:E0D0C605DCCC"]}, {"type": "freebsd", "idList": ["21D59EA3-8559-11EA-A5E2-D4C9EF517024"]}, {"type": "gentoo", "idList": ["GLSA-202105-27"]}, {"type": "nessus", "idList": ["FEDORA_2020-20AC7C92A1.NASL", "FEDORA_2020-261C9DDD7C.NASL", "FREEBSD_PKG_21D59EA3855911EAA5E2D4C9EF517024.NASL", "ORACLELINUX_ELSA-2020-3732.NASL", "PHOTONOS_PHSA-2020-3_0-0082_MYSQL.NASL", "REDHAT-RHSA-2020-3755.NASL", "REDHAT-RHSA-2020-3757.NASL", "UBUNTU_USN-4350-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143732", "OPENVAS:1361412562310143733", "OPENVAS:1361412562310844418", "OPENVAS:1361412562310877794", "OPENVAS:1361412562310877808", "OPENVAS:1361412562310877819"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3732"]}, {"type": "photon", "idList": ["PHSA-2020-3.0-0082"]}, {"type": "redhat", "idList": ["RHSA-2020:3732"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-2895"]}, {"type": "ubuntu", "idList": ["USN-4350-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-2895"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2020-2895", "epss": 0.00087, "percentile": 0.35932, "modified": "2023-05-07"}], "vulnersScore": 2.2}, "_state": {"dependencies": 1686070051, "score": 1686062979, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "a68b4bfe3184e2e485caab0770d97e13"}, "cna_cvss": {"cna": "Oracle", "cvss": {"3": {"vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "score": 4.9}}}, "cpe": ["cpe:/o:fedoraproject:fedora:31", "cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/o:canonical:ubuntu_linux:19.10", "cpe:/a:netapp:snapcenter:-", "cpe:/a:netapp:oncommand_insight:-", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:20.04", "cpe:/a:netapp:active_iq_unified_manager:*"], "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "affectedSoftware": [{"cpeName": "oracle:mysql", "version": "8.0.19", "operator": "lt", "name": "oracle mysql"}, {"cpeName": "fedoraproject:fedora", "version": "30", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "fedoraproject:fedora", "version": "31", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "fedoraproject:fedora", "version": "32", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "netapp:snapcenter", "version": "-", "operator": "eq", "name": "netapp snapcenter"}, {"cpeName": "netapp:oncommand_workflow_automation", "version": "-", "operator": "eq", "name": "netapp oncommand workflow automation"}, {"cpeName": "netapp:oncommand_insight", "version": "-", "operator": "eq", "name": "netapp oncommand insight"}, {"cpeName": "netapp:active_iq_unified_manager", "version": "*", "operator": "eq", "name": "netapp active iq unified manager"}, {"cpeName": "canonical:ubuntu_linux", "version": "18.04", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "canonical:ubuntu_linux", "version": "19.10", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "canonical:ubuntu_linux", "version": "20.04", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "canonical:ubuntu_linux", "version": "16.04", "operator": "eq", "name": "canonical ubuntu linux"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:mysql:8.0.19:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndExcluding": "8.0.19", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "versionStartIncluding": "7.3", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "versionStartIncluding": "9.5", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "tags": ["Vendor Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20200416-0003/", "name": "https://security.netapp.com/advisory/ntap-20200416-0003/", "refsource": "CONFIRM", "tags": ["Third Party Advisory"]}, {"url": "https://usn.ubuntu.com/4350-1/", "name": "USN-4350-1", "refsource": "UBUNTU", "tags": ["Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/", "name": "FEDORA-2020-136dc82437", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/", "name": "FEDORA-2020-20ac7c92a1", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/", "name": "FEDORA-2020-261c9ddd7c", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://security.gentoo.org/glsa/202105-27", "name": "GLSA-202105-27", "refsource": "GENTOO", "tags": ["Third Party Advisory"]}], "product_info": [{"vendor": "Oracle Corporation", "product": "MySQL Server"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en", "type": "text"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}
{"redhatcve": [{"lastseen": "2023-06-06T15:08:25", "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-30T19:41:33", "type": "redhatcve", "title": "CVE-2020-2895", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2895"], "modified": "2023-04-06T06:35:45", "id": "RH:CVE-2020-2895", "href": "https://access.redhat.com/security/cve/cve-2020-2895", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-06-29T14:14:18", "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component:\nInnoDB). Supported versions that are affected are 8.0.19 and prior. Easily\nexploitable vulnerability allows high privileged attacker with network\naccess via multiple protocols to compromise MySQL Server. Successful\nattacks of this vulnerability can result in unauthorized ability to cause a\nhang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS\n3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n#### Notes\n\nAuthor| Note \n---|--- \n[leosilva](<https://launchpad.net/~leosilva>) | since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | MySQL 8.x only\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-15T00:00:00", "type": "ubuntucve", "title": "CVE-2020-2895", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2895"], "modified": "2020-04-15T00:00:00", "id": "UB:CVE-2020-2895", "href": "https://ubuntu.com/security/CVE-2020-2895", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-26T16:54:04", "description": "mysql server is vulnerable to denial of service. An easily exploitable vulnerability allows a privileged user to affect the availability of the application.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-20T02:25:59", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2895"], "modified": "2021-12-30T23:14:31", "id": "VERACODE:26416", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-26416/summary", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-05-08T17:11:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-05T00:00:00", "type": "openvas", "title": "Ubuntu: Security Advisory for mysql-8.0 (USN-4350-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2893", "CVE-2020-2896", "CVE-2020-2923", "CVE-2020-2922", "CVE-2020-2812", "CVE-2020-2762", "CVE-2020-2904", "CVE-2020-2763", "CVE-2020-2926", "CVE-2020-2930", "CVE-2020-2897", "CVE-2020-2895", "CVE-2020-2760", "CVE-2020-2901", "CVE-2020-2898", "CVE-2020-2903", "CVE-2020-2892", "CVE-2020-2765", "CVE-2020-2921", "CVE-2020-2928", "CVE-2020-2924", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2759", "CVE-2020-2925"], "modified": "2020-05-07T00:00:00", "id": "OPENVAS:1361412562310844418", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844418", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844418\");\n script_version(\"2020-05-07T07:41:43+0000\");\n script_cve_id(\"CVE-2020-2759\", \"CVE-2020-2760\", \"CVE-2020-2762\", \"CVE-2020-2763\", \"CVE-2020-2765\", \"CVE-2020-2780\", \"CVE-2020-2804\", \"CVE-2020-2812\", \"CVE-2020-2892\", \"CVE-2020-2893\", \"CVE-2020-2895\", \"CVE-2020-2896\", \"CVE-2020-2897\", \"CVE-2020-2898\", \"CVE-2020-2901\", \"CVE-2020-2903\", \"CVE-2020-2904\", \"CVE-2020-2921\", \"CVE-2020-2922\", \"CVE-2020-2923\", \"CVE-2020-2924\", \"CVE-2020-2925\", \"CVE-2020-2926\", \"CVE-2020-2928\", \"CVE-2020-2930\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-07 07:41:43 +0000 (Thu, 07 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-05 03:00:24 +0000 (Tue, 05 May 2020)\");\n script_name(\"Ubuntu: Security Advisory for mysql-8.0 (USN-4350-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU19\\.10|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS|UBUNTU20\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4350-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-May/005418.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-8.0'\n package(s) announced via the USN-4350-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in MySQL and this update includes\nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 8.0.80 in Ubuntu 19.10 and Ubuntu 20.04 LTS.\nUbuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.30.\n\nIn addition to security fixes, the updated packages contain bug fixes, new\nfeatures, and possibly incompatible changes.\");\n\n script_tag(name:\"affected\", value:\"'mysql-8.0' package(s) on Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"mysql-server-8.0\", ver:\"8.0.20-0ubuntu0.19.10.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.30-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"mysql-server-5.7\", ver:\"5.7.30-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU20.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"mysql-server-8.0\", ver:\"8.0.20-0ubuntu0.20.04.1\", rls:\"UBUNTU20.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-22T15:19:47", "description": "Oracle MySQL is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-04-20T00:00:00", "type": "openvas", "title": "Oracle MySQL 8.0.x < 8.0.20 Security Update (cpuapr2020) - Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2893", "CVE-2020-2896", "CVE-2020-2923", "CVE-2020-2812", "CVE-2020-2762", "CVE-2020-2904", "CVE-2020-2763", "CVE-2020-2926", "CVE-2020-2930", "CVE-2020-2897", "CVE-2020-2895", "CVE-2020-2760", "CVE-2020-2901", "CVE-2020-2898", "CVE-2020-2903", "CVE-2020-2892", "CVE-2020-2765", "CVE-2020-2921", "CVE-2020-2928", "CVE-2020-2924", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2759", "CVE-2020-2925"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310143732", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143732", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143732\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-20 03:41:06 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_cve_id(\"CVE-2020-2780\", \"CVE-2020-2804\", \"CVE-2020-2760\", \"CVE-2020-2762\", \"CVE-2020-2893\",\n \"CVE-2020-2895\", \"CVE-2020-2898\", \"CVE-2020-2903\", \"CVE-2020-2896\", \"CVE-2020-2765\",\n \"CVE-2020-2892\", \"CVE-2020-2897\", \"CVE-2020-2923\", \"CVE-2020-2924\", \"CVE-2020-2901\",\n \"CVE-2020-2928\", \"CVE-2020-2904\", \"CVE-2020-2925\", \"CVE-2020-2759\", \"CVE-2020-2763\",\n \"CVE-2020-2812\", \"CVE-2020-2926\", \"CVE-2020-2921\", \"CVE-2020-2930\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL 8.0.x < 8.0.20 Security Update (cpuapr2020) - Linux\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL versions 8.0.0 - 8.0.19.\");\n\n script_tag(name:\"solution\", value:\"Update to version 8.0.20 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.19\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.20\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-22T15:19:46", "description": "Oracle MySQL is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-04-20T00:00:00", "type": "openvas", "title": "Oracle MySQL 8.0.x < 8.0.20 Security Update (cpuapr2020) - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2893", "CVE-2020-2896", "CVE-2020-2923", "CVE-2020-2812", "CVE-2020-2762", "CVE-2020-2904", "CVE-2020-2763", "CVE-2020-2926", "CVE-2020-2930", "CVE-2020-2897", "CVE-2020-2895", "CVE-2020-2760", "CVE-2020-2901", "CVE-2020-2898", "CVE-2020-2903", "CVE-2020-2892", "CVE-2020-2765", "CVE-2020-2921", "CVE-2020-2928", "CVE-2020-2924", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2759", "CVE-2020-2925"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310143733", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143733", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143733\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-20 04:00:21 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_cve_id(\"CVE-2020-2780\", \"CVE-2020-2804\", \"CVE-2020-2760\", \"CVE-2020-2762\", \"CVE-2020-2893\",\n \"CVE-2020-2895\", \"CVE-2020-2898\", \"CVE-2020-2903\", \"CVE-2020-2896\", \"CVE-2020-2765\",\n \"CVE-2020-2892\", \"CVE-2020-2897\", \"CVE-2020-2923\", \"CVE-2020-2924\", \"CVE-2020-2901\",\n \"CVE-2020-2928\", \"CVE-2020-2904\", \"CVE-2020-2925\", \"CVE-2020-2759\", \"CVE-2020-2763\",\n \"CVE-2020-2812\", \"CVE-2020-2926\", \"CVE-2020-2921\", \"CVE-2020-2930\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL 8.0.x < 8.0.20 Security Update (cpuapr2020) - Windows\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL versions 8.0.0 - 8.0.19.\");\n\n script_tag(name:\"solution\", value:\"Update to version 8.0.20 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.19\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.20\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-05-18T15:27:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-11T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for community-mysql (FEDORA-2020-20ac7c92a1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2770", "CVE-2020-2761", "CVE-2020-2893", "CVE-2020-2896", "CVE-2020-2923", "CVE-2020-2812", "CVE-2020-2762", "CVE-2020-2904", "CVE-2020-2763", "CVE-2020-2926", "CVE-2020-2930", "CVE-2020-2779", "CVE-2020-2897", "CVE-2020-2774", "CVE-2020-2895", "CVE-2020-2760", "CVE-2020-2901", "CVE-2020-2898", "CVE-2020-2903", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2765", "CVE-2020-2921", "CVE-2020-2928", "CVE-2020-2924", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2814", "CVE-2020-2759", "CVE-2020-2925"], "modified": "2020-05-15T00:00:00", "id": "OPENVAS:1361412562310877819", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877819", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877819\");\n script_version(\"2020-05-15T04:25:55+0000\");\n script_cve_id(\"CVE-2020-2759\", \"CVE-2020-2761\", \"CVE-2020-2762\", \"CVE-2020-2763\", \"CVE-2020-2765\", \"CVE-2020-2770\", \"CVE-2020-2774\", \"CVE-2020-2779\", \"CVE-2020-2780\", \"CVE-2020-2804\", \"CVE-2020-2812\", \"CVE-2020-2814\", \"CVE-2020-2853\", \"CVE-2020-2892\", \"CVE-2020-2893\", \"CVE-2020-2895\", \"CVE-2020-2896\", \"CVE-2020-2897\", \"CVE-2020-2898\", \"CVE-2020-2901\", \"CVE-2020-2903\", \"CVE-2020-2904\", \"CVE-2020-2921\", \"CVE-2020-2923\", \"CVE-2020-2924\", \"CVE-2020-2925\", \"CVE-2020-2926\", \"CVE-2020-2928\", \"CVE-2020-2930\", \"CVE-2020-2760\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-15 04:25:55 +0000 (Fri, 15 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-11 03:22:31 +0000 (Mon, 11 May 2020)\");\n script_name(\"Fedora: Security Advisory for community-mysql (FEDORA-2020-20ac7c92a1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2020-20ac7c92a1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the FEDORA-2020-20ac7c92a1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\nclient/server implementation consisting of a server daemon (mysqld)\nand many different client programs and libraries. The base package\ncontains the standard MySQL client programs and generic MySQL files.\");\n\n script_tag(name:\"affected\", value:\"'community-mysql' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~8.0.20~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-05-18T15:27:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-11T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for community-mysql (FEDORA-2020-136dc82437)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2770", "CVE-2020-2761", "CVE-2020-2893", "CVE-2020-2896", "CVE-2020-2923", "CVE-2020-2812", "CVE-2020-2762", "CVE-2020-2904", "CVE-2020-2763", "CVE-2020-2926", "CVE-2020-2930", "CVE-2020-2779", "CVE-2020-2897", "CVE-2020-2774", "CVE-2020-2895", "CVE-2020-2760", "CVE-2020-2901", "CVE-2020-2898", "CVE-2020-2903", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2765", "CVE-2020-2921", "CVE-2020-2928", "CVE-2020-2924", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2814", "CVE-2020-2759", "CVE-2020-2925"], "modified": "2020-05-15T00:00:00", "id": "OPENVAS:1361412562310877794", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877794", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877794\");\n script_version(\"2020-05-15T04:25:55+0000\");\n script_cve_id(\"CVE-2020-2759\", \"CVE-2020-2761\", \"CVE-2020-2762\", \"CVE-2020-2763\", \"CVE-2020-2765\", \"CVE-2020-2770\", \"CVE-2020-2774\", \"CVE-2020-2779\", \"CVE-2020-2780\", \"CVE-2020-2804\", \"CVE-2020-2812\", \"CVE-2020-2814\", \"CVE-2020-2853\", \"CVE-2020-2892\", \"CVE-2020-2893\", \"CVE-2020-2895\", \"CVE-2020-2896\", \"CVE-2020-2897\", \"CVE-2020-2898\", \"CVE-2020-2901\", \"CVE-2020-2903\", \"CVE-2020-2904\", \"CVE-2020-2921\", \"CVE-2020-2923\", \"CVE-2020-2924\", \"CVE-2020-2925\", \"CVE-2020-2926\", \"CVE-2020-2928\", \"CVE-2020-2930\", \"CVE-2020-2760\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-15 04:25:55 +0000 (Fri, 15 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-11 03:21:22 +0000 (Mon, 11 May 2020)\");\n script_name(\"Fedora: Security Advisory for community-mysql (FEDORA-2020-136dc82437)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-136dc82437\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the FEDORA-2020-136dc82437 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\nclient/server implementation consisting of a server daemon (mysqld)\nand many different client programs and libraries. The base package\ncontains the standard MySQL client programs and generic MySQL files.\");\n\n script_tag(name:\"affected\", value:\"'community-mysql' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~8.0.20~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-05-18T15:21:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-11T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for community-mysql (FEDORA-2020-261c9ddd7c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2770", "CVE-2020-2761", "CVE-2020-2893", "CVE-2020-2896", "CVE-2020-2923", "CVE-2020-2812", "CVE-2020-2762", "CVE-2020-2904", "CVE-2020-2763", "CVE-2020-2926", "CVE-2020-2930", "CVE-2020-2779", "CVE-2020-2897", "CVE-2020-2774", "CVE-2020-2895", "CVE-2020-2760", "CVE-2020-2901", "CVE-2020-2898", "CVE-2020-2903", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2765", "CVE-2020-2921", "CVE-2020-2928", "CVE-2020-2924", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2814", "CVE-2020-2759", "CVE-2020-2925"], "modified": "2020-05-15T00:00:00", "id": "OPENVAS:1361412562310877808", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877808", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877808\");\n script_version(\"2020-05-15T04:25:55+0000\");\n script_cve_id(\"CVE-2020-2759\", \"CVE-2020-2761\", \"CVE-2020-2762\", \"CVE-2020-2763\", \"CVE-2020-2765\", \"CVE-2020-2770\", \"CVE-2020-2774\", \"CVE-2020-2779\", \"CVE-2020-2780\", \"CVE-2020-2804\", \"CVE-2020-2812\", \"CVE-2020-2814\", \"CVE-2020-2853\", \"CVE-2020-2892\", \"CVE-2020-2893\", \"CVE-2020-2895\", \"CVE-2020-2896\", \"CVE-2020-2897\", \"CVE-2020-2898\", \"CVE-2020-2901\", \"CVE-2020-2903\", \"CVE-2020-2904\", \"CVE-2020-2921\", \"CVE-2020-2923\", \"CVE-2020-2924\", \"CVE-2020-2925\", \"CVE-2020-2926\", \"CVE-2020-2928\", \"CVE-2020-2930\", \"CVE-2020-2760\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-15 04:25:55 +0000 (Fri, 15 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-11 03:22:03 +0000 (Mon, 11 May 2020)\");\n script_name(\"Fedora: Security Advisory for community-mysql (FEDORA-2020-261c9ddd7c)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-261c9ddd7c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the FEDORA-2020-261c9ddd7c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\nclient/server implementation consisting of a server daemon (mysqld)\nand many different client programs and libraries. The base package\ncontains the standard MySQL client programs and generic MySQL files.\");\n\n script_tag(name:\"affected\", value:\"'community-mysql' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~8.0.20~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2023-06-06T15:48:00", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 19.10 \n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * mysql-5.7 \\- MySQL database\n * mysql-8.0 \\- MySQL database\n\nMultiple security issues were discovered in MySQL and this update includes \nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 8.0.80 in Ubuntu 19.10 and Ubuntu 20.04 LTS. \nUbuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.30.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information:\n\n<https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-30.html>\n\n<https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html>\n\n<https://www.oracle.com/security-alerts/cpuapr2020.html>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-04T00:00:00", "type": "ubuntu", "title": "MySQL vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "modified": "2020-05-04T00:00:00", "id": "USN-4350-1", "href": "https://ubuntu.com/security/notices/USN-4350-1", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:00:55", "description": "Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 8.0.80 in Ubuntu 19.10 and Ubuntu 20.04 LTS.\nUbuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.30.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-30.html\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html\n\nhttps://www.oracle.com/security-alerts/cpuapr2020.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-05-07T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : mysql-5.7, mysql-8.0 vulnerabilities (USN-4350-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-8.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.10", "cpe:/o:canonical:ubuntu_linux:20.04"], "id": "UBUNTU_USN-4350-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136399", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4350-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136399);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2020-2759\", \"CVE-2020-2760\", \"CVE-2020-2762\", \"CVE-2020-2763\", \"CVE-2020-2765\", \"CVE-2020-2780\", \"CVE-2020-2804\", \"CVE-2020-2812\", \"CVE-2020-2892\", \"CVE-2020-2893\", \"CVE-2020-2895\", \"CVE-2020-2896\", \"CVE-2020-2897\", \"CVE-2020-2898\", \"CVE-2020-2901\", \"CVE-2020-2903\", \"CVE-2020-2904\", \"CVE-2020-2921\", \"CVE-2020-2922\", \"CVE-2020-2923\", \"CVE-2020-2924\", \"CVE-2020-2925\", \"CVE-2020-2926\", \"CVE-2020-2928\", \"CVE-2020-2930\");\n script_xref(name:\"USN\", value:\"4350-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : mysql-5.7, mysql-8.0 vulnerabilities (USN-4350-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in MySQL and this update\nincludes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 8.0.80 in Ubuntu 19.10 and Ubuntu 20.04 LTS.\nUbuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL\n5.7.30.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-30.html\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html\n\nhttps://www.oracle.com/security-alerts/cpuapr2020.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4350-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected mysql-server-5.7 and / or mysql-server-8.0\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2760\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.10|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.10 / 20.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.30-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.30-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"mysql-server-8.0\", pkgver:\"8.0.20-0ubuntu0.19.10.1\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"mysql-server-8.0\", pkgver:\"8.0.20-0ubuntu0.20.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-server-5.7 / mysql-server-8.0\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:06", "description": "**MySQL 8.0.20**\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html\n\nCVEs fixed :\n\nCVE-2020-2759 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 CVE-2020-2853 CVE-2020-2892 CVE-2020-2893 CVE-2020-2895 CVE-2020-2896 CVE-2020-2897 CVE-2020-2898 CVE-2020-2901 CVE-2020-2903 CVE-2020-2904 CVE-2020-2921 CVE-2020-2923 CVE-2020-2924 CVE-2020-2925 CVE-2020-2926 CVE-2020-2928 CVE-2020-2930 CVE-2020-2760\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-05-11T00:00:00", "type": "nessus", "title": "Fedora 31 : community-mysql (2020-261c9ddd7c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "modified": "2020-05-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:community-mysql", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-261C9DDD7C.NASL", "href": "https://www.tenable.com/plugins/nessus/136434", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-261c9ddd7c.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136434);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/13\");\n\n script_cve_id(\"CVE-2020-2759\", \"CVE-2020-2760\", \"CVE-2020-2761\", \"CVE-2020-2762\", \"CVE-2020-2763\", \"CVE-2020-2765\", \"CVE-2020-2770\", \"CVE-2020-2774\", \"CVE-2020-2779\", \"CVE-2020-2780\", \"CVE-2020-2804\", \"CVE-2020-2812\", \"CVE-2020-2814\", \"CVE-2020-2853\", \"CVE-2020-2892\", \"CVE-2020-2893\", \"CVE-2020-2895\", \"CVE-2020-2896\", \"CVE-2020-2897\", \"CVE-2020-2898\", \"CVE-2020-2901\", \"CVE-2020-2903\", \"CVE-2020-2904\", \"CVE-2020-2921\", \"CVE-2020-2923\", \"CVE-2020-2924\", \"CVE-2020-2925\", \"CVE-2020-2926\", \"CVE-2020-2928\", \"CVE-2020-2930\");\n script_xref(name:\"FEDORA\", value:\"2020-261c9ddd7c\");\n\n script_name(english:\"Fedora 31 : community-mysql (2020-261c9ddd7c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**MySQL 8.0.20**\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html\n\nCVEs fixed :\n\nCVE-2020-2759 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765\nCVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804\nCVE-2020-2812 CVE-2020-2814 CVE-2020-2853 CVE-2020-2892 CVE-2020-2893\nCVE-2020-2895 CVE-2020-2896 CVE-2020-2897 CVE-2020-2898 CVE-2020-2901\nCVE-2020-2903 CVE-2020-2904 CVE-2020-2921 CVE-2020-2923 CVE-2020-2924\nCVE-2020-2925 CVE-2020-2926 CVE-2020-2928 CVE-2020-2930 CVE-2020-2760\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-261c9ddd7c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2760\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"community-mysql-8.0.20-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:10", "description": "**MySQL 8.0.20**\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html\n\nCVEs fixed :\n\nCVE-2020-2759 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 CVE-2020-2853 CVE-2020-2892 CVE-2020-2893 CVE-2020-2895 CVE-2020-2896 CVE-2020-2897 CVE-2020-2898 CVE-2020-2901 CVE-2020-2903 CVE-2020-2904 CVE-2020-2921 CVE-2020-2923 CVE-2020-2924 CVE-2020-2925 CVE-2020-2926 CVE-2020-2928 CVE-2020-2930 CVE-2020-2760\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-05-11T00:00:00", "type": "nessus", "title": "Fedora 30 : community-mysql (2020-20ac7c92a1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "modified": "2020-05-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:community-mysql", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2020-20AC7C92A1.NASL", "href": "https://www.tenable.com/plugins/nessus/136433", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-20ac7c92a1.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136433);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/13\");\n\n script_cve_id(\"CVE-2020-2759\", \"CVE-2020-2760\", \"CVE-2020-2761\", \"CVE-2020-2762\", \"CVE-2020-2763\", \"CVE-2020-2765\", \"CVE-2020-2770\", \"CVE-2020-2774\", \"CVE-2020-2779\", \"CVE-2020-2780\", \"CVE-2020-2804\", \"CVE-2020-2812\", \"CVE-2020-2814\", \"CVE-2020-2853\", \"CVE-2020-2892\", \"CVE-2020-2893\", \"CVE-2020-2895\", \"CVE-2020-2896\", \"CVE-2020-2897\", \"CVE-2020-2898\", \"CVE-2020-2901\", \"CVE-2020-2903\", \"CVE-2020-2904\", \"CVE-2020-2921\", \"CVE-2020-2923\", \"CVE-2020-2924\", \"CVE-2020-2925\", \"CVE-2020-2926\", \"CVE-2020-2928\", \"CVE-2020-2930\");\n script_xref(name:\"FEDORA\", value:\"2020-20ac7c92a1\");\n\n script_name(english:\"Fedora 30 : community-mysql (2020-20ac7c92a1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**MySQL 8.0.20**\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-20.html\n\nCVEs fixed :\n\nCVE-2020-2759 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765\nCVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804\nCVE-2020-2812 CVE-2020-2814 CVE-2020-2853 CVE-2020-2892 CVE-2020-2893\nCVE-2020-2895 CVE-2020-2896 CVE-2020-2897 CVE-2020-2898 CVE-2020-2901\nCVE-2020-2903 CVE-2020-2904 CVE-2020-2921 CVE-2020-2923 CVE-2020-2924\nCVE-2020-2925 CVE-2020-2926 CVE-2020-2928 CVE-2020-2930 CVE-2020-2760\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-20ac7c92a1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2760\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"community-mysql-8.0.20-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:16", "description": "The version of MySQL running on the remote host is 8.0.x prior to 8.0.20. It is, therefore, affected by multiple vulnerabilities, including the following, as noted in the April 2020 Critical Patch Update advisory:\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. (CVE-2021-2144)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. This difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2804)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. This easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2763)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-22T00:00:00", "type": "nessus", "title": "MySQL 8.0.x < 8.0.20 Multiple Vulnerabilities (Apr 2020 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15601", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2016", "CVE-2021-2019", "CVE-2021-2144"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_8_0_20.NASL", "href": "https://www.tenable.com/plugins/nessus/135701", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135701);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-15601\",\n \"CVE-2020-2759\",\n \"CVE-2020-2760\",\n \"CVE-2020-2762\",\n \"CVE-2020-2763\",\n \"CVE-2020-2765\",\n \"CVE-2020-2780\",\n \"CVE-2020-2804\",\n \"CVE-2020-2812\",\n \"CVE-2020-2892\",\n \"CVE-2020-2893\",\n \"CVE-2020-2895\",\n \"CVE-2020-2896\",\n \"CVE-2020-2897\",\n \"CVE-2020-2898\",\n \"CVE-2020-2901\",\n \"CVE-2020-2903\",\n \"CVE-2020-2904\",\n \"CVE-2020-2921\",\n \"CVE-2020-2923\",\n \"CVE-2020-2924\",\n \"CVE-2020-2925\",\n \"CVE-2020-2926\",\n \"CVE-2020-2928\",\n \"CVE-2020-2930\",\n \"CVE-2021-2006\",\n \"CVE-2021-2007\",\n \"CVE-2021-2009\",\n \"CVE-2021-2016\",\n \"CVE-2021-2019\",\n \"CVE-2021-2144\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0143\");\n script_xref(name:\"IAVA\", value:\"2021-A-0038\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"MySQL 8.0.x < 8.0.20 Multiple Vulnerabilities (Apr 2020 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 8.0.x prior to 8.0.20. It is, therefore, affected by multiple\nvulnerabilities, including the following, as noted in the April 2020 Critical Patch Update advisory:\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions\n that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of\n this vulnerability can result in takeover of MySQL Server. (CVE-2021-2144)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions\n that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. This difficult to exploit\n vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2804)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. This easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2763)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpujan2021cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpuapr2021cvrf.xml\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 8.0.20 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-2144\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-15601\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\", \"mysql_version_local.nasl\", \"mysql_win_installed.nbin\", \"macosx_mysql_installed.nbin\");\n script_require_keys(\"installed_sw/MySQL Server\");\n\n exit(0);\n}\n\n\ninclude('vcf_extras_mysql.inc');\n\nvar app_info = vcf::mysql::combined_get_app_info();\n\nvar constraints = [{ 'min_version' : '8.0.0', 'fixed_version' : '8.0.20'}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:17", "description": "Oracle reports :\n\nThis Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.\n\nMariaDB reports 4 of these vulnerabilities exist in their software", "cvss3": {}, "published": "2020-04-24T00:00:00", "type": "nessus", "title": "FreeBSD : MySQL Server -- Multiple vulerabilities (21d59ea3-8559-11ea-a5e2-d4c9ef517024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1547", "CVE-2019-15601", "CVE-2019-5482", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2768", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2790", "CVE-2020-2804", "CVE-2020-2806", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "modified": "2020-05-18T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mariadb101-server", "p-cpe:/a:freebsd:freebsd:mariadb102-server", "p-cpe:/a:freebsd:freebsd:mariadb103-server", "p-cpe:/a:freebsd:freebsd:mariadb104-server", "p-cpe:/a:freebsd:freebsd:mysql56-server", "p-cpe:/a:freebsd:freebsd:mysql57-server", "p-cpe:/a:freebsd:freebsd:mysql80-server", "p-cpe:/a:freebsd:freebsd:percona55-server", "p-cpe:/a:freebsd:freebsd:percona56-server", "p-cpe:/a:freebsd:freebsd:percona57-server", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_21D59EA3855911EAA5E2D4C9EF517024.NASL", "href": "https://www.tenable.com/plugins/nessus/135941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135941);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/18\");\n\n script_cve_id(\"CVE-2019-1547\", \"CVE-2019-15601\", \"CVE-2019-5482\", \"CVE-2020-2759\", \"CVE-2020-2760\", \"CVE-2020-2761\", \"CVE-2020-2762\", \"CVE-2020-2763\", \"CVE-2020-2765\", \"CVE-2020-2768\", \"CVE-2020-2770\", \"CVE-2020-2774\", \"CVE-2020-2779\", \"CVE-2020-2780\", \"CVE-2020-2790\", \"CVE-2020-2804\", \"CVE-2020-2806\", \"CVE-2020-2812\", \"CVE-2020-2814\", \"CVE-2020-2853\", \"CVE-2020-2892\", \"CVE-2020-2893\", \"CVE-2020-2895\", \"CVE-2020-2896\", \"CVE-2020-2897\", \"CVE-2020-2898\", \"CVE-2020-2901\", \"CVE-2020-2903\", \"CVE-2020-2904\", \"CVE-2020-2921\", \"CVE-2020-2923\", \"CVE-2020-2924\", \"CVE-2020-2925\", \"CVE-2020-2926\", \"CVE-2020-2928\", \"CVE-2020-2930\");\n script_xref(name:\"IAVA\", value:\"2020-A-0143\");\n\n script_name(english:\"FreeBSD : MySQL Server -- Multiple vulerabilities (21d59ea3-8559-11ea-a5e2-d4c9ef517024)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Oracle reports :\n\nThis Critical Patch Update contains 45 new security patches for Oracle\nMySQL. 9 of these vulnerabilities may be remotely exploitable without\nauthentication, i.e., may be exploited over a network without\nrequiring user credentials.\n\nMariaDB reports 4 of these vulnerabilities exist in their software\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/security-alerts/cpujan2020.html\"\n );\n # https://vuxml.freebsd.org/freebsd/21d59ea3-8559-11ea-a5e2-d4c9ef517024.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0117443e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb101-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb102-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb103-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb104-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql80-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mariadb101-server<10.1.45\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb102-server<10.2.32\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb103-server<10.3.23\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb104-server<10.4.13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql56-server<5.6.48\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql57-server<5.7.30\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql80-server<8.0.20\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona55-server<5.5.68\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona56-server<5.6.48\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona57-server<5.7.30\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:24", "description": "An update of the mysql package has been released.", "cvss3": {}, "published": "2020-04-22T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Mysql PHSA-2020-3.0-0082", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2791", "CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2920", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-2570", "CVE-2020-2572", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2768", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:mysql", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0082_MYSQL.NASL", "href": "https://www.tenable.com/plugins/nessus/135872", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0082. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135872);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2019-2791\",\n \"CVE-2019-2911\",\n \"CVE-2019-2914\",\n \"CVE-2019-2920\",\n \"CVE-2019-2938\",\n \"CVE-2019-2946\",\n \"CVE-2019-2957\",\n \"CVE-2019-2960\",\n \"CVE-2019-2963\",\n \"CVE-2019-2966\",\n \"CVE-2019-2967\",\n \"CVE-2019-2968\",\n \"CVE-2019-2974\",\n \"CVE-2019-2982\",\n \"CVE-2019-2991\",\n \"CVE-2019-2993\",\n \"CVE-2019-2997\",\n \"CVE-2019-2998\",\n \"CVE-2019-3004\",\n \"CVE-2019-3009\",\n \"CVE-2019-3011\",\n \"CVE-2019-3018\",\n \"CVE-2020-2570\",\n \"CVE-2020-2572\",\n \"CVE-2020-2573\",\n \"CVE-2020-2574\",\n \"CVE-2020-2577\",\n \"CVE-2020-2579\",\n \"CVE-2020-2580\",\n \"CVE-2020-2584\",\n \"CVE-2020-2588\",\n \"CVE-2020-2589\",\n \"CVE-2020-2627\",\n \"CVE-2020-2660\",\n \"CVE-2020-2679\",\n \"CVE-2020-2686\",\n \"CVE-2020-2694\",\n \"CVE-2020-2752\",\n \"CVE-2020-2759\",\n \"CVE-2020-2760\",\n \"CVE-2020-2761\",\n \"CVE-2020-2762\",\n \"CVE-2020-2763\",\n \"CVE-2020-2765\",\n \"CVE-2020-2768\",\n \"CVE-2020-2770\",\n \"CVE-2020-2774\",\n \"CVE-2020-2779\",\n \"CVE-2020-2780\",\n \"CVE-2020-2804\",\n \"CVE-2020-2812\",\n \"CVE-2020-2814\",\n \"CVE-2020-2853\",\n \"CVE-2020-2892\",\n \"CVE-2020-2893\",\n \"CVE-2020-2895\",\n \"CVE-2020-2896\",\n \"CVE-2020-2897\",\n \"CVE-2020-2898\",\n \"CVE-2020-2901\",\n \"CVE-2020-2903\",\n \"CVE-2020-2904\",\n \"CVE-2020-2921\",\n \"CVE-2020-2922\",\n \"CVE-2020-2923\",\n \"CVE-2020-2924\",\n \"CVE-2020-2925\",\n \"CVE-2020-2926\",\n \"CVE-2020-2928\",\n \"CVE-2020-2930\"\n );\n script_bugtraq_id(109247);\n script_xref(name:\"IAVA\", value:\"2020-A-0143\");\n\n script_name(english:\"Photon OS 3.0: Mysql PHSA-2020-3.0-0082\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the mysql package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-82.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2760\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-2768\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"mysql-8.0.19-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"mysql-debuginfo-8.0.19-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"mysql-devel-8.0.19-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-11T15:18:10", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3732 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). (CVE-2019-2911)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2938)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2946)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2957)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2963, CVE-2019-2968)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2997, CVE-2020-2580)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3004)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2570, CVE-2020-2573)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2589)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2679)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2765)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2770)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14725)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2914)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2960)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2966, CVE-2019-2967)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2974)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2982, CVE-2019-2998)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2019-2991)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2993)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3009)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3011)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3018)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2574)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2577)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2579)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2020-2584)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2588)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2627)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2660)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2686)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-2694)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2752)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2759)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2020-2760)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2762, CVE-2020-2893, CVE-2020-2895)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2763)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2780)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2804)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2812)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2814)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2896)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2898)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling).\n Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2903)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2921)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-2922)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2925)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS).\n Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2926)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2930)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14539)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14540)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14547)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14550)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-14553)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14559)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14567)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14568, CVE-2020-14623)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14575, CVE-2020-14620)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14576)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14586, CVE-2020-14702)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14619)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14632)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).\n (CVE-2020-14633)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14634)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2020-14641)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2020-14643, CVE-2020-14651)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14656)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14680)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14624)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14631)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : mysql:8.0 (ELSA-2020-3732)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "modified": "2021-05-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:mecab", "p-cpe:/a:oracle:linux:mecab-ipadic", "p-cpe:/a:oracle:linux:mecab-ipadic-eucjp", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:oracle:linux:mysql-common", "p-cpe:/a:oracle:linux:mysql-devel", "p-cpe:/a:oracle:linux:mysql-errmsg", "p-cpe:/a:oracle:linux:mysql-libs", "p-cpe:/a:oracle:linux:mysql-server", "p-cpe:/a:oracle:linux:mysql-test"], "id": "ORACLELINUX_ELSA-2020-3732.NASL", "href": "https://www.tenable.com/plugins/nessus/140614", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-3732.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140614);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/11\");\n\n script_cve_id(\n \"CVE-2019-2911\",\n \"CVE-2019-2914\",\n \"CVE-2019-2938\",\n \"CVE-2019-2946\",\n \"CVE-2019-2957\",\n \"CVE-2019-2960\",\n \"CVE-2019-2963\",\n \"CVE-2019-2966\",\n \"CVE-2019-2967\",\n \"CVE-2019-2968\",\n \"CVE-2019-2974\",\n \"CVE-2019-2982\",\n \"CVE-2019-2991\",\n \"CVE-2019-2993\",\n \"CVE-2019-2997\",\n \"CVE-2019-2998\",\n \"CVE-2019-3004\",\n \"CVE-2019-3009\",\n \"CVE-2019-3011\",\n \"CVE-2019-3018\",\n \"CVE-2020-2570\",\n \"CVE-2020-2573\",\n \"CVE-2020-2574\",\n \"CVE-2020-2577\",\n \"CVE-2020-2579\",\n \"CVE-2020-2580\",\n \"CVE-2020-2584\",\n \"CVE-2020-2588\",\n \"CVE-2020-2589\",\n \"CVE-2020-2627\",\n \"CVE-2020-2660\",\n \"CVE-2020-2679\",\n \"CVE-2020-2686\",\n \"CVE-2020-2694\",\n \"CVE-2020-2752\",\n \"CVE-2020-2759\",\n \"CVE-2020-2760\",\n \"CVE-2020-2761\",\n \"CVE-2020-2762\",\n \"CVE-2020-2763\",\n \"CVE-2020-2765\",\n \"CVE-2020-2770\",\n \"CVE-2020-2774\",\n \"CVE-2020-2779\",\n \"CVE-2020-2780\",\n \"CVE-2020-2804\",\n \"CVE-2020-2812\",\n \"CVE-2020-2814\",\n \"CVE-2020-2853\",\n \"CVE-2020-2892\",\n \"CVE-2020-2893\",\n \"CVE-2020-2895\",\n \"CVE-2020-2896\",\n \"CVE-2020-2897\",\n \"CVE-2020-2898\",\n \"CVE-2020-2901\",\n \"CVE-2020-2903\",\n \"CVE-2020-2904\",\n \"CVE-2020-2921\",\n \"CVE-2020-2922\",\n \"CVE-2020-2923\",\n \"CVE-2020-2924\",\n \"CVE-2020-2925\",\n \"CVE-2020-2926\",\n \"CVE-2020-2928\",\n \"CVE-2020-2930\",\n \"CVE-2020-14539\",\n \"CVE-2020-14540\",\n \"CVE-2020-14547\",\n \"CVE-2020-14550\",\n \"CVE-2020-14553\",\n \"CVE-2020-14559\",\n \"CVE-2020-14567\",\n \"CVE-2020-14568\",\n \"CVE-2020-14575\",\n \"CVE-2020-14576\",\n \"CVE-2020-14586\",\n \"CVE-2020-14597\",\n \"CVE-2020-14614\",\n \"CVE-2020-14619\",\n \"CVE-2020-14620\",\n \"CVE-2020-14623\",\n \"CVE-2020-14624\",\n \"CVE-2020-14631\",\n \"CVE-2020-14632\",\n \"CVE-2020-14633\",\n \"CVE-2020-14634\",\n \"CVE-2020-14641\",\n \"CVE-2020-14643\",\n \"CVE-2020-14651\",\n \"CVE-2020-14654\",\n \"CVE-2020-14656\",\n \"CVE-2020-14663\",\n \"CVE-2020-14678\",\n \"CVE-2020-14680\",\n \"CVE-2020-14697\",\n \"CVE-2020-14702\",\n \"CVE-2020-14725\"\n );\n\n script_name(english:\"Oracle Linux 8 : mysql:8.0 (ELSA-2020-3732)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-3732 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported\n versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset\n of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). (CVE-2019-2911)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2938)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that\n are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2946)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2957)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2963, CVE-2019-2968)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2997, CVE-2020-2580)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions\n that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3004)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2570, CVE-2020-2573)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2589)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2679)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2761, CVE-2020-2774, CVE-2020-2779,\n CVE-2020-2853)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2765)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions\n that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2770)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2892, CVE-2020-2897, CVE-2020-2901,\n CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14597, CVE-2020-14614, CVE-2020-14654,\n CVE-2020-14725)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2914)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2960)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2966, CVE-2019-2967)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2974)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2982, CVE-2019-2998)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2019-2991)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions\n that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2993)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported\n versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3009)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions\n that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3011)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-3018)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2574)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2577)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2579)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions\n that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows\n high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized access to critical data or complete access to all\n MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2020-2584)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2588)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions\n that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2627)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2660)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2686)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server\n accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-2694)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability\n allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2752)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2759)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of\n MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2020-2760)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2762, CVE-2020-2893, CVE-2020-2895)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2763)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2780)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported\n versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9\n (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2804)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability\n impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2812)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2814)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2896)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported\n version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2898)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling).\n Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2903)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2921)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL\n Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-2922)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that\n are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2925)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS).\n Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2926)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions\n that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-2930)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14539)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14540)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14547)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability\n allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14550)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported\n versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability\n allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to\n some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-14553)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily\n exploitable vulnerability allows low privileged attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access\n to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). (CVE-2020-14559)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14567)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14568, CVE-2020-14623)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14575, CVE-2020-14620)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions\n that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14576)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14586, CVE-2020-14702)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions\n that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14619)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions\n that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14632)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS\n 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).\n (CVE-2020-14633)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score\n 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).\n (CVE-2020-14634)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported\n versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server\n accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2020-14641)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported\n versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2020-14643, CVE-2020-14651)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions\n that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14656)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2\n (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14680)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions\n that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14624)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported\n versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2020-14631)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-3732.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14697\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-test\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nappstreams = {\n 'mysql:8.0': [\n {'reference':'mecab-0.996-1.module+el8.0.0+5253+1dce7bb2.9', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-0.996-1.module+el8.0.0+5253+1dce7bb2.9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.21-1.module+el8.2.0+7793+cfe2b687', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-ipadic / mecab-ipadic-EUCJP / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:22:49", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3757 advisory.\n\n - mysql: Information Schema unspecified vulnerability (CPU Oct 2019) (CVE-2019-2911)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) (CVE-2019-2914, CVE-2019-2957)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2019) (CVE-2019-2946)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) (CVE-2019-2960)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998)\n\n - mysql: Server: C API unspecified vulnerability (CPU Oct 2019) (CVE-2019-2993, CVE-2019-3011)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) (CVE-2019-2997)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) (CVE-2019-3004)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) (CVE-2019-3009)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) (CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2020) (CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n - mysql: C API unspecified vulnerability (CPU Jul 2020) (CVE-2020-14550)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) (CVE-2020-14553)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) (CVE-2020-14559)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) (CVE-2020-14567)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2020) (CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n - mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) (CVE-2020-14576)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) (CVE-2020-14586, CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-14702)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2020) (CVE-2020-14619)\n\n - mysql: Server: JSON unspecified vulnerability (CPU Jul 2020) (CVE-2020-14624)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) (CVE-2020-14631)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2020) (CVE-2020-14632)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Jul 2020) (CVE-2020-14656)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2020) (CVE-2020-14799)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2020) (CVE-2020-2577, CVE-2020-2589)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) (CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) (CVE-2020-2580)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2020) (CVE-2020-2584)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2020) (CVE-2020-2588)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) (CVE-2020-2627)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) (CVE-2020-2694)\n\n - mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) (CVE-2020-2759, CVE-2020-2763)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) (CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) (CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) (CVE-2020-2770)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n - mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) (CVE-2020-2804)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) (CVE-2020-2896)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) (CVE-2020-2898)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) (CVE-2020-2903)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020) (CVE-2020-2921)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2925)\n\n - mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2926)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) (CVE-2020-2930)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021) (CVE-2021-1998, CVE-2021-2016, CVE-2021-2020)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2021) (CVE-2021-2006, CVE-2021-2007)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jan 2021) (CVE-2021-2009)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2021) (CVE-2021-2012, CVE-2021-2019)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2021) (CVE-2021-2144)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021) (CVE-2021-2160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-15T00:00:00", "type": "nessus", "title": "RHEL 8 : mysql:8.0 (RHSA-2020:3757)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2021-1998", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2012", "CVE-2021-2016", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2144", "CVE-2021-2160"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "p-cpe:/a:redhat:enterprise_linux:mysql-test", "p-cpe:/a:redhat:enterprise_linux:mysql-libs", "p-cpe:/a:redhat:enterprise_linux:mecab", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-eucjp", "p-cpe:/a:redhat:enterprise_linux:mysql-common", "p-cpe:/a:redhat:enterprise_linux:mysql-errmsg", "cpe:/o:redhat:rhel_e4s:8.1"], "id": "REDHAT-RHSA-2020-3757.NASL", "href": "https://www.tenable.com/plugins/nessus/140599", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3757. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140599);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2019-2911\",\n \"CVE-2019-2914\",\n \"CVE-2019-2938\",\n \"CVE-2019-2946\",\n \"CVE-2019-2957\",\n \"CVE-2019-2960\",\n \"CVE-2019-2963\",\n \"CVE-2019-2966\",\n \"CVE-2019-2967\",\n \"CVE-2019-2968\",\n \"CVE-2019-2974\",\n \"CVE-2019-2982\",\n \"CVE-2019-2991\",\n \"CVE-2019-2993\",\n \"CVE-2019-2997\",\n \"CVE-2019-2998\",\n \"CVE-2019-3004\",\n \"CVE-2019-3009\",\n \"CVE-2019-3011\",\n \"CVE-2019-3018\",\n \"CVE-2020-2570\",\n \"CVE-2020-2573\",\n \"CVE-2020-2574\",\n \"CVE-2020-2577\",\n \"CVE-2020-2579\",\n \"CVE-2020-2580\",\n \"CVE-2020-2584\",\n \"CVE-2020-2588\",\n \"CVE-2020-2589\",\n \"CVE-2020-2627\",\n \"CVE-2020-2660\",\n \"CVE-2020-2679\",\n \"CVE-2020-2686\",\n \"CVE-2020-2694\",\n \"CVE-2020-2752\",\n \"CVE-2020-2759\",\n \"CVE-2020-2760\",\n \"CVE-2020-2761\",\n \"CVE-2020-2762\",\n \"CVE-2020-2763\",\n \"CVE-2020-2765\",\n \"CVE-2020-2770\",\n \"CVE-2020-2774\",\n \"CVE-2020-2779\",\n \"CVE-2020-2780\",\n \"CVE-2020-2804\",\n \"CVE-2020-2812\",\n \"CVE-2020-2814\",\n \"CVE-2020-2853\",\n \"CVE-2020-2892\",\n \"CVE-2020-2893\",\n \"CVE-2020-2895\",\n \"CVE-2020-2896\",\n \"CVE-2020-2897\",\n \"CVE-2020-2898\",\n \"CVE-2020-2901\",\n \"CVE-2020-2903\",\n \"CVE-2020-2904\",\n \"CVE-2020-2921\",\n \"CVE-2020-2922\",\n \"CVE-2020-2923\",\n \"CVE-2020-2924\",\n \"CVE-2020-2925\",\n \"CVE-2020-2926\",\n \"CVE-2020-2928\",\n \"CVE-2020-2930\",\n \"CVE-2020-14539\",\n \"CVE-2020-14540\",\n \"CVE-2020-14547\",\n \"CVE-2020-14550\",\n \"CVE-2020-14553\",\n \"CVE-2020-14559\",\n \"CVE-2020-14567\",\n \"CVE-2020-14568\",\n \"CVE-2020-14575\",\n \"CVE-2020-14576\",\n \"CVE-2020-14586\",\n \"CVE-2020-14597\",\n \"CVE-2020-14614\",\n \"CVE-2020-14619\",\n \"CVE-2020-14620\",\n \"CVE-2020-14623\",\n \"CVE-2020-14624\",\n \"CVE-2020-14631\",\n \"CVE-2020-14632\",\n \"CVE-2020-14633\",\n \"CVE-2020-14634\",\n \"CVE-2020-14641\",\n \"CVE-2020-14643\",\n \"CVE-2020-14651\",\n \"CVE-2020-14654\",\n \"CVE-2020-14656\",\n \"CVE-2020-14663\",\n \"CVE-2020-14678\",\n \"CVE-2020-14680\",\n \"CVE-2020-14697\",\n \"CVE-2020-14702\",\n \"CVE-2020-14725\",\n \"CVE-2020-14799\",\n \"CVE-2021-1998\",\n \"CVE-2021-2006\",\n \"CVE-2021-2007\",\n \"CVE-2021-2009\",\n \"CVE-2021-2012\",\n \"CVE-2021-2016\",\n \"CVE-2021-2019\",\n \"CVE-2021-2020\",\n \"CVE-2021-2144\",\n \"CVE-2021-2160\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0143\");\n script_xref(name:\"IAVA\", value:\"2020-A-0321\");\n script_xref(name:\"IAVA\", value:\"2021-A-0038\");\n script_xref(name:\"IAVA\", value:\"2020-A-0473-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2019-A-0383-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0021-S\");\n script_xref(name:\"RHSA\", value:\"2020:3757\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"RHEL 8 : mysql:8.0 (RHSA-2020:3757)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3757 advisory.\n\n - mysql: Information Schema unspecified vulnerability (CPU Oct 2019) (CVE-2019-2911)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) (CVE-2019-2914,\n CVE-2019-2957)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968,\n CVE-2019-3018)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2019) (CVE-2019-2946)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) (CVE-2019-2960)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2966, CVE-2019-2967,\n CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998)\n\n - mysql: Server: C API unspecified vulnerability (CPU Oct 2019) (CVE-2019-2993, CVE-2019-3011)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) (CVE-2019-2997)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) (CVE-2019-3004)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) (CVE-2019-3009)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) (CVE-2020-14539, CVE-2020-14547,\n CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2020) (CVE-2020-14540, CVE-2020-14575,\n CVE-2020-14620)\n\n - mysql: C API unspecified vulnerability (CPU Jul 2020) (CVE-2020-14550)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) (CVE-2020-14553)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) (CVE-2020-14559)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) (CVE-2020-14567)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2020) (CVE-2020-14568, CVE-2020-14623, CVE-2020-14633,\n CVE-2020-14634)\n\n - mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) (CVE-2020-14576)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) (CVE-2020-14586,\n CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-14702)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2020) (CVE-2020-14619)\n\n - mysql: Server: JSON unspecified vulnerability (CPU Jul 2020) (CVE-2020-14624)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) (CVE-2020-14631)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2020) (CVE-2020-14632)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) (CVE-2020-14641, CVE-2020-14643,\n CVE-2020-14651)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Jul 2020) (CVE-2020-14656)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2020) (CVE-2020-14799)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2020) (CVE-2020-2577, CVE-2020-2589)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) (CVE-2020-2579, CVE-2020-2660,\n CVE-2020-2679, CVE-2020-2686)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) (CVE-2020-2580)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2020) (CVE-2020-2584)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2020) (CVE-2020-2588)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) (CVE-2020-2627)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) (CVE-2020-2694)\n\n - mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) (CVE-2020-2759, CVE-2020-2763)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2762, CVE-2020-2814,\n CVE-2020-2893, CVE-2020-2895)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) (CVE-2020-2761,\n CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) (CVE-2020-2765, CVE-2020-2892,\n CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) (CVE-2020-2770)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n - mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) (CVE-2020-2804)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) (CVE-2020-2896)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) (CVE-2020-2898)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) (CVE-2020-2903)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020) (CVE-2020-2921)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2925)\n\n - mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2926)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) (CVE-2020-2930)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021) (CVE-2021-1998, CVE-2021-2016,\n CVE-2021-2020)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2021) (CVE-2021-2006, CVE-2021-2007)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jan 2021) (CVE-2021-2009)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2021) (CVE-2021-2012,\n CVE-2021-2019)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2021) (CVE-2021-2144)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021) (CVE-2021-2160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2997\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2921\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796887\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922422\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1952806\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14697\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-2144\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'mysql:8.0': [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.1/ppc64le/appstream/os',\n 'content/eus/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.1/ppc64le/baseos/os',\n 'content/eus/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap/os',\n 'content/eus/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/appstream/debug',\n 'content/eus/rhel8/8.1/s390x/appstream/os',\n 'content/eus/rhel8/8.1/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/baseos/debug',\n 'content/eus/rhel8/8.1/s390x/baseos/os',\n 'content/eus/rhel8/8.1/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/highavailability/debug',\n 'content/eus/rhel8/8.1/s390x/highavailability/os',\n 'content/eus/rhel8/8.1/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/sap/debug',\n 'content/eus/rhel8/8.1/s390x/sap/os',\n 'content/eus/rhel8/8.1/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/supplementary/debug',\n 'content/eus/rhel8/8.1/s390x/supplementary/os',\n 'content/eus/rhel8/8.1/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.21-1.module+el8.1.0+7854+62e1520f', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-ipadic / mecab-ipadic-EUCJP / mysql / mysql-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:24:26", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3732 advisory.\n\n - mysql: Information Schema unspecified vulnerability (CPU Oct 2019) (CVE-2019-2911)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) (CVE-2019-2914, CVE-2019-2957)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2019) (CVE-2019-2946)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) (CVE-2019-2960)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998)\n\n - mysql: Server: C API unspecified vulnerability (CPU Oct 2019) (CVE-2019-2993, CVE-2019-3011)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) (CVE-2019-2997)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) (CVE-2019-3004)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) (CVE-2019-3009)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) (CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2020) (CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n - mysql: C API unspecified vulnerability (CPU Jul 2020) (CVE-2020-14550)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) (CVE-2020-14553)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) (CVE-2020-14559)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) (CVE-2020-14567)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2020) (CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n - mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) (CVE-2020-14576)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) (CVE-2020-14586, CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-14702)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2020) (CVE-2020-14619)\n\n - mysql: Server: JSON unspecified vulnerability (CPU Jul 2020) (CVE-2020-14624)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) (CVE-2020-14631)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2020) (CVE-2020-14632)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Jul 2020) (CVE-2020-14656)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2020) (CVE-2020-14799)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2020) (CVE-2020-2577, CVE-2020-2589)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) (CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) (CVE-2020-2580)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2020) (CVE-2020-2584)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2020) (CVE-2020-2588)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) (CVE-2020-2627)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) (CVE-2020-2694)\n\n - mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) (CVE-2020-2759, CVE-2020-2763)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) (CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) (CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) (CVE-2020-2770)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n - mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) (CVE-2020-2804)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) (CVE-2020-2896)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) (CVE-2020-2898)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) (CVE-2020-2903)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020) (CVE-2020-2921)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2925)\n\n - mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2926)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) (CVE-2020-2930)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021) (CVE-2021-1998, CVE-2021-2016, CVE-2021-2020)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2021) (CVE-2021-2006, CVE-2021-2007)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jan 2021) (CVE-2021-2009)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2021) (CVE-2021-2012, CVE-2021-2019)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2021) (CVE-2021-2144)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021) (CVE-2021-2160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-18T00:00:00", "type": "nessus", "title": "RHEL 8 : mysql:8.0 (RHSA-2020:3732)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2021-1998", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2012", "CVE-2021-2016", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2144", "CVE-2021-2160"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "p-cpe:/a:redhat:enterprise_linux:mysql-test", "p-cpe:/a:redhat:enterprise_linux:mysql-libs", "p-cpe:/a:redhat:enterprise_linux:mecab", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-eucjp", "p-cpe:/a:redhat:enterprise_linux:mysql-common", "p-cpe:/a:redhat:enterprise_linux:mysql-errmsg", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6"], "id": "REDHAT-RHSA-2020-3732.NASL", "href": "https://www.tenable.com/plugins/nessus/143030", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3732. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143030);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2019-2911\",\n \"CVE-2019-2914\",\n \"CVE-2019-2938\",\n \"CVE-2019-2946\",\n \"CVE-2019-2957\",\n \"CVE-2019-2960\",\n \"CVE-2019-2963\",\n \"CVE-2019-2966\",\n \"CVE-2019-2967\",\n \"CVE-2019-2968\",\n \"CVE-2019-2974\",\n \"CVE-2019-2982\",\n \"CVE-2019-2991\",\n \"CVE-2019-2993\",\n \"CVE-2019-2997\",\n \"CVE-2019-2998\",\n \"CVE-2019-3004\",\n \"CVE-2019-3009\",\n \"CVE-2019-3011\",\n \"CVE-2019-3018\",\n \"CVE-2020-2570\",\n \"CVE-2020-2573\",\n \"CVE-2020-2574\",\n \"CVE-2020-2577\",\n \"CVE-2020-2579\",\n \"CVE-2020-2580\",\n \"CVE-2020-2584\",\n \"CVE-2020-2588\",\n \"CVE-2020-2589\",\n \"CVE-2020-2627\",\n \"CVE-2020-2660\",\n \"CVE-2020-2679\",\n \"CVE-2020-2686\",\n \"CVE-2020-2694\",\n \"CVE-2020-2752\",\n \"CVE-2020-2759\",\n \"CVE-2020-2760\",\n \"CVE-2020-2761\",\n \"CVE-2020-2762\",\n \"CVE-2020-2763\",\n \"CVE-2020-2765\",\n \"CVE-2020-2770\",\n \"CVE-2020-2774\",\n \"CVE-2020-2779\",\n \"CVE-2020-2780\",\n \"CVE-2020-2804\",\n \"CVE-2020-2812\",\n \"CVE-2020-2814\",\n \"CVE-2020-2853\",\n \"CVE-2020-2892\",\n \"CVE-2020-2893\",\n \"CVE-2020-2895\",\n \"CVE-2020-2896\",\n \"CVE-2020-2897\",\n \"CVE-2020-2898\",\n \"CVE-2020-2901\",\n \"CVE-2020-2903\",\n \"CVE-2020-2904\",\n \"CVE-2020-2921\",\n \"CVE-2020-2922\",\n \"CVE-2020-2923\",\n \"CVE-2020-2924\",\n \"CVE-2020-2925\",\n \"CVE-2020-2926\",\n \"CVE-2020-2928\",\n \"CVE-2020-2930\",\n \"CVE-2020-14539\",\n \"CVE-2020-14540\",\n \"CVE-2020-14547\",\n \"CVE-2020-14550\",\n \"CVE-2020-14553\",\n \"CVE-2020-14559\",\n \"CVE-2020-14567\",\n \"CVE-2020-14568\",\n \"CVE-2020-14575\",\n \"CVE-2020-14576\",\n \"CVE-2020-14586\",\n \"CVE-2020-14597\",\n \"CVE-2020-14614\",\n \"CVE-2020-14619\",\n \"CVE-2020-14620\",\n \"CVE-2020-14623\",\n \"CVE-2020-14624\",\n \"CVE-2020-14631\",\n \"CVE-2020-14632\",\n \"CVE-2020-14633\",\n \"CVE-2020-14634\",\n \"CVE-2020-14641\",\n \"CVE-2020-14643\",\n \"CVE-2020-14651\",\n \"CVE-2020-14654\",\n \"CVE-2020-14656\",\n \"CVE-2020-14663\",\n \"CVE-2020-14678\",\n \"CVE-2020-14680\",\n \"CVE-2020-14697\",\n \"CVE-2020-14702\",\n \"CVE-2020-14725\",\n \"CVE-2020-14799\",\n \"CVE-2021-1998\",\n \"CVE-2021-2006\",\n \"CVE-2021-2007\",\n \"CVE-2021-2009\",\n \"CVE-2021-2012\",\n \"CVE-2021-2016\",\n \"CVE-2021-2019\",\n \"CVE-2021-2020\",\n \"CVE-2021-2144\",\n \"CVE-2021-2160\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0143\");\n script_xref(name:\"IAVA\", value:\"2020-A-0321\");\n script_xref(name:\"IAVA\", value:\"2021-A-0038\");\n script_xref(name:\"IAVA\", value:\"2020-A-0473-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2019-A-0383-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0021-S\");\n script_xref(name:\"RHSA\", value:\"2020:3732\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"RHEL 8 : mysql:8.0 (RHSA-2020:3732)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3732 advisory.\n\n - mysql: Information Schema unspecified vulnerability (CPU Oct 2019) (CVE-2019-2911)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) (CVE-2019-2914,\n CVE-2019-2957)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968,\n CVE-2019-3018)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2019) (CVE-2019-2946)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) (CVE-2019-2960)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2966, CVE-2019-2967,\n CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998)\n\n - mysql: Server: C API unspecified vulnerability (CPU Oct 2019) (CVE-2019-2993, CVE-2019-3011)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) (CVE-2019-2997)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) (CVE-2019-3004)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) (CVE-2019-3009)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) (CVE-2020-14539, CVE-2020-14547,\n CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2020) (CVE-2020-14540, CVE-2020-14575,\n CVE-2020-14620)\n\n - mysql: C API unspecified vulnerability (CPU Jul 2020) (CVE-2020-14550)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) (CVE-2020-14553)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) (CVE-2020-14559)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) (CVE-2020-14567)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2020) (CVE-2020-14568, CVE-2020-14623, CVE-2020-14633,\n CVE-2020-14634)\n\n - mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) (CVE-2020-14576)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) (CVE-2020-14586,\n CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-14702)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2020) (CVE-2020-14619)\n\n - mysql: Server: JSON unspecified vulnerability (CPU Jul 2020) (CVE-2020-14624)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) (CVE-2020-14631)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2020) (CVE-2020-14632)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) (CVE-2020-14641, CVE-2020-14643,\n CVE-2020-14651)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Jul 2020) (CVE-2020-14656)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2020) (CVE-2020-14799)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2020) (CVE-2020-2577, CVE-2020-2589)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) (CVE-2020-2579, CVE-2020-2660,\n CVE-2020-2679, CVE-2020-2686)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) (CVE-2020-2580)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2020) (CVE-2020-2584)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2020) (CVE-2020-2588)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) (CVE-2020-2627)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) (CVE-2020-2694)\n\n - mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) (CVE-2020-2759, CVE-2020-2763)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2762, CVE-2020-2814,\n CVE-2020-2893, CVE-2020-2895)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) (CVE-2020-2761,\n CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) (CVE-2020-2765, CVE-2020-2892,\n CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) (CVE-2020-2770)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n - mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) (CVE-2020-2804)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) (CVE-2020-2896)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) (CVE-2020-2898)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) (CVE-2020-2903)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020) (CVE-2020-2921)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2925)\n\n - mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2926)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) (CVE-2020-2930)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021) (CVE-2021-1998, CVE-2021-2016,\n CVE-2021-2020)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2021) (CVE-2021-2006, CVE-2021-2007)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jan 2021) (CVE-2021-2009)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2021) (CVE-2021-2012,\n CVE-2021-2019)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2021) (CVE-2021-2144)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021) (CVE-2021-2160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2997\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2921\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796887\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922422\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1952806\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14697\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-2144\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'mysql:8.0': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'sp':'2', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'2', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'2', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'sp':'4', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'4', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'4', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'4', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'4', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'4', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'4', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'4', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'4', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'4', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'sp':'6', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'6', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'6', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'6', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'6', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'6', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'6', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'6', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'6', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.21-1.module+el8.2.0+7855+47abd494', 'sp':'6', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.21-1.module+el8.2.0+7855+47abd494', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.21-1.module+el8.2.0+7855+47abd494', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.21-1.module+el8.2.0+7855+47abd494', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.2.0+7855+47abd494', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.21-1.module+el8.2.0+7855+47abd494', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.21-1.module+el8.2.0+7855+47abd494', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.21-1.module+el8.2.0+7855+47abd494', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-ipadic / mecab-ipadic-EUCJP / mysql / mysql-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-07T18:15:30", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3518 advisory.\n\n - mysql: Information Schema unspecified vulnerability (CPU Oct 2019) (CVE-2019-2911)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) (CVE-2019-2914, CVE-2019-2957)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2019) (CVE-2019-2946)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) (CVE-2019-2960)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998)\n\n - mysql: Server: C API unspecified vulnerability (CPU Oct 2019) (CVE-2019-2993, CVE-2019-3011)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) (CVE-2019-2997)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) (CVE-2019-3004)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) (CVE-2019-3009)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) (CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2020) (CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n - mysql: C API unspecified vulnerability (CPU Jul 2020) (CVE-2020-14550)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) (CVE-2020-14553)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) (CVE-2020-14559)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) (CVE-2020-14567)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2020) (CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n - mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) (CVE-2020-14576)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) (CVE-2020-14586, CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-14702)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2020) (CVE-2020-14619)\n\n - mysql: Server: JSON unspecified vulnerability (CPU Jul 2020) (CVE-2020-14624)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) (CVE-2020-14631)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2020) (CVE-2020-14632)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Jul 2020) (CVE-2020-14656)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2020) (CVE-2020-14799)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2020) (CVE-2020-2577, CVE-2020-2589)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) (CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) (CVE-2020-2580)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2020) (CVE-2020-2584)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2020) (CVE-2020-2588)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) (CVE-2020-2627)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) (CVE-2020-2694)\n\n - mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) (CVE-2020-2759, CVE-2020-2763)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) (CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) (CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) (CVE-2020-2770)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n - mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) (CVE-2020-2804)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) (CVE-2020-2896)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) (CVE-2020-2898)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) (CVE-2020-2903)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020) (CVE-2020-2921)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2925)\n\n - mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2926)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) (CVE-2020-2930)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021) (CVE-2021-1998, CVE-2021-2016, CVE-2021-2020)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2021) (CVE-2021-2006, CVE-2021-2007)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jan 2021) (CVE-2021-2009)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2021) (CVE-2021-2012, CVE-2021-2019)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2021) (CVE-2021-2144)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021) (CVE-2021-2160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-23T00:00:00", "type": "nessus", "title": "RHEL 7 : rh-mysql80-mysql (RHSA-2020:3518)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2021-1998", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2012", "CVE-2021-2016", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2144", "CVE-2021-2160"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-common", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-devel", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-errmsg", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-test"], "id": "REDHAT-RHSA-2020-3518.NASL", "href": "https://www.tenable.com/plugins/nessus/170309", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3518. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170309);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\n \"CVE-2019-2911\",\n \"CVE-2019-2914\",\n \"CVE-2019-2938\",\n \"CVE-2019-2946\",\n \"CVE-2019-2957\",\n \"CVE-2019-2960\",\n \"CVE-2019-2963\",\n \"CVE-2019-2966\",\n \"CVE-2019-2967\",\n \"CVE-2019-2968\",\n \"CVE-2019-2974\",\n \"CVE-2019-2982\",\n \"CVE-2019-2991\",\n \"CVE-2019-2993\",\n \"CVE-2019-2997\",\n \"CVE-2019-2998\",\n \"CVE-2019-3004\",\n \"CVE-2019-3009\",\n \"CVE-2019-3011\",\n \"CVE-2019-3018\",\n \"CVE-2020-2570\",\n \"CVE-2020-2573\",\n \"CVE-2020-2574\",\n \"CVE-2020-2577\",\n \"CVE-2020-2579\",\n \"CVE-2020-2580\",\n \"CVE-2020-2584\",\n \"CVE-2020-2588\",\n \"CVE-2020-2589\",\n \"CVE-2020-2627\",\n \"CVE-2020-2660\",\n \"CVE-2020-2679\",\n \"CVE-2020-2686\",\n \"CVE-2020-2694\",\n \"CVE-2020-2752\",\n \"CVE-2020-2759\",\n \"CVE-2020-2760\",\n \"CVE-2020-2761\",\n \"CVE-2020-2762\",\n \"CVE-2020-2763\",\n \"CVE-2020-2765\",\n \"CVE-2020-2770\",\n \"CVE-2020-2774\",\n \"CVE-2020-2779\",\n \"CVE-2020-2780\",\n \"CVE-2020-2804\",\n \"CVE-2020-2812\",\n \"CVE-2020-2814\",\n \"CVE-2020-2853\",\n \"CVE-2020-2892\",\n \"CVE-2020-2893\",\n \"CVE-2020-2895\",\n \"CVE-2020-2896\",\n \"CVE-2020-2897\",\n \"CVE-2020-2898\",\n \"CVE-2020-2901\",\n \"CVE-2020-2903\",\n \"CVE-2020-2904\",\n \"CVE-2020-2921\",\n \"CVE-2020-2922\",\n \"CVE-2020-2923\",\n \"CVE-2020-2924\",\n \"CVE-2020-2925\",\n \"CVE-2020-2926\",\n \"CVE-2020-2928\",\n \"CVE-2020-2930\",\n \"CVE-2020-14539\",\n \"CVE-2020-14540\",\n \"CVE-2020-14547\",\n \"CVE-2020-14550\",\n \"CVE-2020-14553\",\n \"CVE-2020-14559\",\n \"CVE-2020-14567\",\n \"CVE-2020-14568\",\n \"CVE-2020-14575\",\n \"CVE-2020-14576\",\n \"CVE-2020-14586\",\n \"CVE-2020-14597\",\n \"CVE-2020-14614\",\n \"CVE-2020-14619\",\n \"CVE-2020-14620\",\n \"CVE-2020-14623\",\n \"CVE-2020-14624\",\n \"CVE-2020-14631\",\n \"CVE-2020-14632\",\n \"CVE-2020-14633\",\n \"CVE-2020-14634\",\n \"CVE-2020-14641\",\n \"CVE-2020-14643\",\n \"CVE-2020-14651\",\n \"CVE-2020-14654\",\n \"CVE-2020-14656\",\n \"CVE-2020-14663\",\n \"CVE-2020-14678\",\n \"CVE-2020-14680\",\n \"CVE-2020-14697\",\n \"CVE-2020-14702\",\n \"CVE-2020-14725\",\n \"CVE-2020-14799\",\n \"CVE-2021-1998\",\n \"CVE-2021-2006\",\n \"CVE-2021-2007\",\n \"CVE-2021-2009\",\n \"CVE-2021-2012\",\n \"CVE-2021-2016\",\n \"CVE-2021-2019\",\n \"CVE-2021-2020\",\n \"CVE-2021-2144\",\n \"CVE-2021-2160\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3518\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 7 : rh-mysql80-mysql (RHSA-2020:3518)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3518 advisory.\n\n - mysql: Information Schema unspecified vulnerability (CPU Oct 2019) (CVE-2019-2911)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) (CVE-2019-2914,\n CVE-2019-2957)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968,\n CVE-2019-3018)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2019) (CVE-2019-2946)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) (CVE-2019-2960)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2966, CVE-2019-2967,\n CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998)\n\n - mysql: Server: C API unspecified vulnerability (CPU Oct 2019) (CVE-2019-2993, CVE-2019-3011)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) (CVE-2019-2997)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) (CVE-2019-3004)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) (CVE-2019-3009)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) (CVE-2020-14539, CVE-2020-14547,\n CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2020) (CVE-2020-14540, CVE-2020-14575,\n CVE-2020-14620)\n\n - mysql: C API unspecified vulnerability (CPU Jul 2020) (CVE-2020-14550)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) (CVE-2020-14553)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) (CVE-2020-14559)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) (CVE-2020-14567)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2020) (CVE-2020-14568, CVE-2020-14623, CVE-2020-14633,\n CVE-2020-14634)\n\n - mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) (CVE-2020-14576)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) (CVE-2020-14586,\n CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-14702)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2020) (CVE-2020-14619)\n\n - mysql: Server: JSON unspecified vulnerability (CPU Jul 2020) (CVE-2020-14624)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) (CVE-2020-14631)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2020) (CVE-2020-14632)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) (CVE-2020-14641, CVE-2020-14643,\n CVE-2020-14651)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Jul 2020) (CVE-2020-14656)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2020) (CVE-2020-14799)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2020) (CVE-2020-2577, CVE-2020-2589)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) (CVE-2020-2579, CVE-2020-2660,\n CVE-2020-2679, CVE-2020-2686)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) (CVE-2020-2580)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2020) (CVE-2020-2584)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2020) (CVE-2020-2588)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) (CVE-2020-2627)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) (CVE-2020-2694)\n\n - mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) (CVE-2020-2759, CVE-2020-2763)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2762, CVE-2020-2814,\n CVE-2020-2893, CVE-2020-2895)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) (CVE-2020-2761,\n CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) (CVE-2020-2765, CVE-2020-2892,\n CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) (CVE-2020-2770)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n - mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) (CVE-2020-2804)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) (CVE-2020-2896)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) (CVE-2020-2898)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) (CVE-2020-2903)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020) (CVE-2020-2921)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2925)\n\n - mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2926)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) (CVE-2020-2930)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021) (CVE-2021-1998, CVE-2021-2016,\n CVE-2021-2020)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2021) (CVE-2021-2006, CVE-2021-2007)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jan 2021) (CVE-2021-2009)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2021) (CVE-2021-2012,\n CVE-2021-2019)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2021) (CVE-2021-2144)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021) (CVE-2021-2160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2997\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2921\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796887\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922422\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1952806\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-2144\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/os',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-mysql80-mysql-8.0.21-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-8.0.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-8.0.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-common-8.0.21-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-common-8.0.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-common-8.0.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-config-8.0.21-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-config-8.0.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-config-8.0.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-config-syspaths-8.0.21-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-config-syspaths-8.0.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-config-syspaths-8.0.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-devel-8.0.21-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-devel-8.0.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-devel-8.0.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-errmsg-8.0.21-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-errmsg-8.0.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-errmsg-8.0.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-server-8.0.21-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-server-8.0.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-server-8.0.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-server-syspaths-8.0.21-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-server-syspaths-8.0.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-server-syspaths-8.0.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-syspaths-8.0.21-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-syspaths-8.0.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-syspaths-8.0.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-test-8.0.21-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-test-8.0.21-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-test-8.0.21-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-mysql80-mysql / rh-mysql80-mysql-common / rh-mysql80-mysql-config / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-11T15:17:09", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3755 advisory.\n\n - mysql: Information Schema unspecified vulnerability (CPU Oct 2019) (CVE-2019-2911)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) (CVE-2019-2914, CVE-2019-2957)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2019) (CVE-2019-2946)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) (CVE-2019-2960)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998)\n\n - mysql: Server: C API unspecified vulnerability (CPU Oct 2019) (CVE-2019-2993, CVE-2019-3011)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) (CVE-2019-2997)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) (CVE-2019-3004)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) (CVE-2019-3009)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) (CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2020) (CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n - mysql: C API unspecified vulnerability (CPU Jul 2020) (CVE-2020-14550)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) (CVE-2020-14553)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) (CVE-2020-14559)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) (CVE-2020-14567)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2020) (CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n - mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) (CVE-2020-14576)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) (CVE-2020-14586, CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-14702)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2020) (CVE-2020-14619)\n\n - mysql: Server: JSON unspecified vulnerability (CPU Jul 2020) (CVE-2020-14624)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) (CVE-2020-14631)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2020) (CVE-2020-14632)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Jul 2020) (CVE-2020-14656)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2020) (CVE-2020-14799)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2020) (CVE-2020-2577, CVE-2020-2589)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) (CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) (CVE-2020-2580)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2020) (CVE-2020-2584)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2020) (CVE-2020-2588)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) (CVE-2020-2627)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) (CVE-2020-2694)\n\n - mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) (CVE-2020-2759, CVE-2020-2763)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) (CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) (CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) (CVE-2020-2770)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n - mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) (CVE-2020-2804)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) (CVE-2020-2896)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) (CVE-2020-2898)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) (CVE-2020-2903)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020) (CVE-2020-2921)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2925)\n\n - mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2926)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) (CVE-2020-2930)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021) (CVE-2021-1998, CVE-2021-2016, CVE-2021-2020)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2021) (CVE-2021-2006, CVE-2021-2007)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jan 2021) (CVE-2021-2009)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2021) (CVE-2021-2012, CVE-2021-2019)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2021) (CVE-2021-2144)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021) (CVE-2021-2160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-15T00:00:00", "type": "nessus", "title": "RHEL 8 : mysql:8.0 (RHSA-2020:3755)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2021-1998", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2012", "CVE-2021-2016", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2144", "CVE-2021-2160"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.0", "p-cpe:/a:redhat:enterprise_linux:mecab", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-eucjp", "p-cpe:/a:redhat:enterprise_linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql-common", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mysql-errmsg", "p-cpe:/a:redhat:enterprise_linux:mysql-libs", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "p-cpe:/a:redhat:enterprise_linux:mysql-test"], "id": "REDHAT-RHSA-2020-3755.NASL", "href": "https://www.tenable.com/plugins/nessus/140598", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3755. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140598);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2019-2911\",\n \"CVE-2019-2914\",\n \"CVE-2019-2938\",\n \"CVE-2019-2946\",\n \"CVE-2019-2957\",\n \"CVE-2019-2960\",\n \"CVE-2019-2963\",\n \"CVE-2019-2966\",\n \"CVE-2019-2967\",\n \"CVE-2019-2968\",\n \"CVE-2019-2974\",\n \"CVE-2019-2982\",\n \"CVE-2019-2991\",\n \"CVE-2019-2993\",\n \"CVE-2019-2997\",\n \"CVE-2019-2998\",\n \"CVE-2019-3004\",\n \"CVE-2019-3009\",\n \"CVE-2019-3011\",\n \"CVE-2019-3018\",\n \"CVE-2020-2570\",\n \"CVE-2020-2573\",\n \"CVE-2020-2574\",\n \"CVE-2020-2577\",\n \"CVE-2020-2579\",\n \"CVE-2020-2580\",\n \"CVE-2020-2584\",\n \"CVE-2020-2588\",\n \"CVE-2020-2589\",\n \"CVE-2020-2627\",\n \"CVE-2020-2660\",\n \"CVE-2020-2679\",\n \"CVE-2020-2686\",\n \"CVE-2020-2694\",\n \"CVE-2020-2752\",\n \"CVE-2020-2759\",\n \"CVE-2020-2760\",\n \"CVE-2020-2761\",\n \"CVE-2020-2762\",\n \"CVE-2020-2763\",\n \"CVE-2020-2765\",\n \"CVE-2020-2770\",\n \"CVE-2020-2774\",\n \"CVE-2020-2779\",\n \"CVE-2020-2780\",\n \"CVE-2020-2804\",\n \"CVE-2020-2812\",\n \"CVE-2020-2814\",\n \"CVE-2020-2853\",\n \"CVE-2020-2892\",\n \"CVE-2020-2893\",\n \"CVE-2020-2895\",\n \"CVE-2020-2896\",\n \"CVE-2020-2897\",\n \"CVE-2020-2898\",\n \"CVE-2020-2901\",\n \"CVE-2020-2903\",\n \"CVE-2020-2904\",\n \"CVE-2020-2921\",\n \"CVE-2020-2922\",\n \"CVE-2020-2923\",\n \"CVE-2020-2924\",\n \"CVE-2020-2925\",\n \"CVE-2020-2926\",\n \"CVE-2020-2928\",\n \"CVE-2020-2930\",\n \"CVE-2020-14539\",\n \"CVE-2020-14540\",\n \"CVE-2020-14547\",\n \"CVE-2020-14550\",\n \"CVE-2020-14553\",\n \"CVE-2020-14559\",\n \"CVE-2020-14567\",\n \"CVE-2020-14568\",\n \"CVE-2020-14575\",\n \"CVE-2020-14576\",\n \"CVE-2020-14586\",\n \"CVE-2020-14597\",\n \"CVE-2020-14614\",\n \"CVE-2020-14619\",\n \"CVE-2020-14620\",\n \"CVE-2020-14623\",\n \"CVE-2020-14624\",\n \"CVE-2020-14631\",\n \"CVE-2020-14632\",\n \"CVE-2020-14633\",\n \"CVE-2020-14634\",\n \"CVE-2020-14641\",\n \"CVE-2020-14643\",\n \"CVE-2020-14651\",\n \"CVE-2020-14654\",\n \"CVE-2020-14656\",\n \"CVE-2020-14663\",\n \"CVE-2020-14678\",\n \"CVE-2020-14680\",\n \"CVE-2020-14697\",\n \"CVE-2020-14702\",\n \"CVE-2020-14725\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3755\");\n script_xref(name:\"IAVA\", value:\"2020-A-0143\");\n script_xref(name:\"IAVA\", value:\"2020-A-0473-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0321\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0038\");\n script_xref(name:\"IAVA\", value:\"2019-A-0383-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0021-S\");\n\n script_name(english:\"RHEL 8 : mysql:8.0 (RHSA-2020:3755)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3755 advisory.\n\n - mysql: Information Schema unspecified vulnerability (CPU Oct 2019) (CVE-2019-2911)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) (CVE-2019-2914,\n CVE-2019-2957)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968,\n CVE-2019-3018)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2019) (CVE-2019-2946)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) (CVE-2019-2960)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2966, CVE-2019-2967,\n CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998)\n\n - mysql: Server: C API unspecified vulnerability (CPU Oct 2019) (CVE-2019-2993, CVE-2019-3011)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) (CVE-2019-2997)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) (CVE-2019-3004)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) (CVE-2019-3009)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) (CVE-2020-14539, CVE-2020-14547,\n CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2020) (CVE-2020-14540, CVE-2020-14575,\n CVE-2020-14620)\n\n - mysql: C API unspecified vulnerability (CPU Jul 2020) (CVE-2020-14550)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) (CVE-2020-14553)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) (CVE-2020-14559)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) (CVE-2020-14567)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2020) (CVE-2020-14568, CVE-2020-14623, CVE-2020-14633,\n CVE-2020-14634)\n\n - mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) (CVE-2020-14576)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) (CVE-2020-14586,\n CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-14702)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2020) (CVE-2020-14619)\n\n - mysql: Server: JSON unspecified vulnerability (CPU Jul 2020) (CVE-2020-14624)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) (CVE-2020-14631)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2020) (CVE-2020-14632)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) (CVE-2020-14641, CVE-2020-14643,\n CVE-2020-14651)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Jul 2020) (CVE-2020-14656)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2020) (CVE-2020-14799)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2020) (CVE-2020-2577, CVE-2020-2589)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) (CVE-2020-2579, CVE-2020-2660,\n CVE-2020-2679, CVE-2020-2686)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) (CVE-2020-2580)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2020) (CVE-2020-2584)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2020) (CVE-2020-2588)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) (CVE-2020-2627)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) (CVE-2020-2694)\n\n - mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) (CVE-2020-2759, CVE-2020-2763)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2762, CVE-2020-2814,\n CVE-2020-2893, CVE-2020-2895)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) (CVE-2020-2761,\n CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) (CVE-2020-2765, CVE-2020-2892,\n CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) (CVE-2020-2770)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n - mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) (CVE-2020-2804)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) (CVE-2020-2896)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) (CVE-2020-2898)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) (CVE-2020-2903)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020) (CVE-2020-2921)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2925)\n\n - mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2926)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) (CVE-2020-2930)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021) (CVE-2021-1998, CVE-2021-2016,\n CVE-2021-2020)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2021) (CVE-2021-2006, CVE-2021-2007)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jan 2021) (CVE-2021-2009)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2021) (CVE-2021-2012,\n CVE-2021-2019)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2021) (CVE-2021-2144)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021) (CVE-2021-2160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2997\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-2998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2921\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1764701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796887\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830066\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1830082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835850\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922422\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1952806\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14697\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.0')) audit(AUDIT_OS_NOT, 'Red Hat 8.0', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'mysql:8.0': [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.0/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.0/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.0/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.0/ppc64le/sap/os',\n 'content/e4s/rhel8/8.0/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.0/x86_64/appstream/os',\n 'content/e4s/rhel8/8.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.0/x86_64/baseos/os',\n 'content/e4s/rhel8/8.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap/os',\n 'content/e4s/rhel8/8.0/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.21-1.module+el8.0.0+7853+3a2b0b25', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.21-1.module+el8.0.0+7853+3a2b0b25', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.21-1.module+el8.0.0+7853+3a2b0b25', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.21-1.module+el8.0.0+7853+3a2b0b25', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.21-1.module+el8.0.0+7853+3a2b0b25', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.21-1.module+el8.0.0+7853+3a2b0b25', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.0.0+7853+3a2b0b25', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.21-1.module+el8.0.0+7853+3a2b0b25', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.21-1.module+el8.0.0+7853+3a2b0b25', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.21-1.module+el8.0.0+7853+3a2b0b25', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.21-1.module+el8.0.0+7853+3a2b0b25', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.21-1.module+el8.0.0+7853+3a2b0b25', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.21-1.module+el8.0.0+7853+3a2b0b25', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.21-1.module+el8.0.0+7853+3a2b0b25', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-ipadic / mecab-ipadic-EUCJP / mysql / mysql-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-06T14:11:02", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3732 advisory.\n\n - mysql: Information Schema unspecified vulnerability (CPU Oct 2019) (CVE-2019-2911)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) (CVE-2019-2914, CVE-2019-2957)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2019) (CVE-2019-2946)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) (CVE-2019-2960)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998)\n\n - mysql: Server: C API unspecified vulnerability (CPU Oct 2019) (CVE-2019-2993, CVE-2019-3011)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) (CVE-2019-2997)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) (CVE-2019-3004)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) (CVE-2019-3009)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) (CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2020) (CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n - mysql: C API unspecified vulnerability (CPU Jul 2020) (CVE-2020-14550)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) (CVE-2020-14553)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) (CVE-2020-14559)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) (CVE-2020-14567)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2020) (CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n - mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) (CVE-2020-14576)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) (CVE-2020-14586, CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-14702)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2020) (CVE-2020-14619)\n\n - mysql: Server: JSON unspecified vulnerability (CPU Jul 2020) (CVE-2020-14624)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) (CVE-2020-14631)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2020) (CVE-2020-14632)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Jul 2020) (CVE-2020-14656)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2020) (CVE-2020-14799)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2020) (CVE-2020-2577, CVE-2020-2589)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) (CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) (CVE-2020-2580)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2020) (CVE-2020-2584)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2020) (CVE-2020-2588)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) (CVE-2020-2627)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) (CVE-2020-2694)\n\n - mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) (CVE-2020-2759, CVE-2020-2763)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) (CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) (CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) (CVE-2020-2770)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n - mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) (CVE-2020-2804)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) (CVE-2020-2896)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) (CVE-2020-2898)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) (CVE-2020-2903)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020) (CVE-2020-2921)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2925)\n\n - mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2926)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) (CVE-2020-2930)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021) (CVE-2021-1998, CVE-2021-2016, CVE-2021-2020)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2021) (CVE-2021-2006, CVE-2021-2007)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jan 2021) (CVE-2021-2009)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2021) (CVE-2021-2012, CVE-2021-2019)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2021) (CVE-2021-2144)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021) (CVE-2021-2160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : mysql:8.0 (CESA-2020:3732)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2021-1998", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2012", "CVE-2021-2016", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2144", "CVE-2021-2160"], "modified": "2023-02-08T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:mecab", "p-cpe:/a:centos:centos:mecab-ipadic", "p-cpe:/a:centos:centos:mecab-ipadic-eucjp", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:centos:centos:mysql-common", "p-cpe:/a:centos:centos:mysql-devel", "p-cpe:/a:centos:centos:mysql-errmsg", "p-cpe:/a:centos:centos:mysql-libs", "p-cpe:/a:centos:centos:mysql-server", "p-cpe:/a:centos:centos:mysql-test"], "id": "CENTOS8_RHSA-2020-3732.NASL", "href": "https://www.tenable.com/plugins/nessus/145871", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:3732. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145871);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2019-2911\",\n \"CVE-2019-2914\",\n \"CVE-2019-2938\",\n \"CVE-2019-2946\",\n \"CVE-2019-2957\",\n \"CVE-2019-2960\",\n \"CVE-2019-2963\",\n \"CVE-2019-2966\",\n \"CVE-2019-2967\",\n \"CVE-2019-2968\",\n \"CVE-2019-2974\",\n \"CVE-2019-2982\",\n \"CVE-2019-2991\",\n \"CVE-2019-2993\",\n \"CVE-2019-2997\",\n \"CVE-2019-2998\",\n \"CVE-2019-3004\",\n \"CVE-2019-3009\",\n \"CVE-2019-3011\",\n \"CVE-2019-3018\",\n \"CVE-2020-2570\",\n \"CVE-2020-2573\",\n \"CVE-2020-2574\",\n \"CVE-2020-2577\",\n \"CVE-2020-2579\",\n \"CVE-2020-2580\",\n \"CVE-2020-2584\",\n \"CVE-2020-2588\",\n \"CVE-2020-2589\",\n \"CVE-2020-2627\",\n \"CVE-2020-2660\",\n \"CVE-2020-2679\",\n \"CVE-2020-2686\",\n \"CVE-2020-2694\",\n \"CVE-2020-2752\",\n \"CVE-2020-2759\",\n \"CVE-2020-2760\",\n \"CVE-2020-2761\",\n \"CVE-2020-2762\",\n \"CVE-2020-2763\",\n \"CVE-2020-2765\",\n \"CVE-2020-2770\",\n \"CVE-2020-2774\",\n \"CVE-2020-2779\",\n \"CVE-2020-2780\",\n \"CVE-2020-2804\",\n \"CVE-2020-2812\",\n \"CVE-2020-2814\",\n \"CVE-2020-2853\",\n \"CVE-2020-2892\",\n \"CVE-2020-2893\",\n \"CVE-2020-2895\",\n \"CVE-2020-2896\",\n \"CVE-2020-2897\",\n \"CVE-2020-2898\",\n \"CVE-2020-2901\",\n \"CVE-2020-2903\",\n \"CVE-2020-2904\",\n \"CVE-2020-2921\",\n \"CVE-2020-2922\",\n \"CVE-2020-2923\",\n \"CVE-2020-2924\",\n \"CVE-2020-2925\",\n \"CVE-2020-2926\",\n \"CVE-2020-2928\",\n \"CVE-2020-2930\",\n \"CVE-2020-14539\",\n \"CVE-2020-14540\",\n \"CVE-2020-14547\",\n \"CVE-2020-14550\",\n \"CVE-2020-14553\",\n \"CVE-2020-14559\",\n \"CVE-2020-14567\",\n \"CVE-2020-14568\",\n \"CVE-2020-14575\",\n \"CVE-2020-14576\",\n \"CVE-2020-14586\",\n \"CVE-2020-14597\",\n \"CVE-2020-14614\",\n \"CVE-2020-14619\",\n \"CVE-2020-14620\",\n \"CVE-2020-14623\",\n \"CVE-2020-14624\",\n \"CVE-2020-14631\",\n \"CVE-2020-14632\",\n \"CVE-2020-14633\",\n \"CVE-2020-14634\",\n \"CVE-2020-14641\",\n \"CVE-2020-14643\",\n \"CVE-2020-14651\",\n \"CVE-2020-14654\",\n \"CVE-2020-14656\",\n \"CVE-2020-14663\",\n \"CVE-2020-14678\",\n \"CVE-2020-14680\",\n \"CVE-2020-14697\",\n \"CVE-2020-14702\",\n \"CVE-2020-14725\",\n \"CVE-2020-14799\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3732\");\n\n script_name(english:\"CentOS 8 : mysql:8.0 (CESA-2020:3732)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:3732 advisory.\n\n - mysql: Information Schema unspecified vulnerability (CPU Oct 2019) (CVE-2019-2911)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) (CVE-2019-2914,\n CVE-2019-2957)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968,\n CVE-2019-3018)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2019) (CVE-2019-2946)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) (CVE-2019-2960)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2966, CVE-2019-2967,\n CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998)\n\n - mysql: Server: C API unspecified vulnerability (CPU Oct 2019) (CVE-2019-2993, CVE-2019-3011)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) (CVE-2019-2997)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) (CVE-2019-3004)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) (CVE-2019-3009)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) (CVE-2020-14539, CVE-2020-14547,\n CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2020) (CVE-2020-14540, CVE-2020-14575,\n CVE-2020-14620)\n\n - mysql: C API unspecified vulnerability (CPU Jul 2020) (CVE-2020-14550)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) (CVE-2020-14553)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) (CVE-2020-14559)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) (CVE-2020-14567)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2020) (CVE-2020-14568, CVE-2020-14623, CVE-2020-14633,\n CVE-2020-14634)\n\n - mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) (CVE-2020-14576)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) (CVE-2020-14586,\n CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-14702)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2020) (CVE-2020-14619)\n\n - mysql: Server: JSON unspecified vulnerability (CPU Jul 2020) (CVE-2020-14624)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) (CVE-2020-14631)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2020) (CVE-2020-14632)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) (CVE-2020-14641, CVE-2020-14643,\n CVE-2020-14651)\n\n - mysql: Server: Locking unspecified vulnerability (CPU Jul 2020) (CVE-2020-14656)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2020) (CVE-2020-14799)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2020) (CVE-2020-2577, CVE-2020-2589)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) (CVE-2020-2579, CVE-2020-2660,\n CVE-2020-2679, CVE-2020-2686)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) (CVE-2020-2580)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2020) (CVE-2020-2584)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2020) (CVE-2020-2588)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) (CVE-2020-2627)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) (CVE-2020-2694)\n\n - mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) (CVE-2020-2759, CVE-2020-2763)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2762, CVE-2020-2814,\n CVE-2020-2893, CVE-2020-2895)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) (CVE-2020-2761,\n CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) (CVE-2020-2765, CVE-2020-2892,\n CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) (CVE-2020-2770)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)\n\n - mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) (CVE-2020-2804)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) (CVE-2020-2896)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) (CVE-2020-2898)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) (CVE-2020-2903)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020) (CVE-2020-2921)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2925)\n\n - mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2926)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) (CVE-2020-2930)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021) (CVE-2021-1998, CVE-2021-2016,\n CVE-2021-2020)\n\n - mysql: C API unspecified vulnerability (CPU Jan 2021) (CVE-2021-2006, CVE-2021-2007)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jan 2021) (CVE-2021-2009)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2021) (CVE-2021-2012,\n CVE-2021-2019)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Apr 2021) (CVE-2021-2144)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021) (CVE-2021-2160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3732\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14697\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/CentOS/release');\nif (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< os_release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nvar appstreams = {\n 'mysql:8.0': [\n {'reference':'mecab-0.996-1.module_el8.0.0+41+ca30bab6.9', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-0.996-1.module_el8.0.0+41+ca30bab6.9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module_el8.0.0+41+ca30bab6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module_el8.0.0+41+ca30bab6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module_el8.0.0+41+ca30bab6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module_el8.0.0+41+ca30bab6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.21-1.module_el8.2.0+493+63b41e36', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.21-1.module_el8.2.0+493+63b41e36', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.21-1.module_el8.2.0+493+63b41e36', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.21-1.module_el8.2.0+493+63b41e36', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.21-1.module_el8.2.0+493+63b41e36', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.21-1.module_el8.2.0+493+63b41e36', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.21-1.module_el8.2.0+493+63b41e36', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.21-1.module_el8.2.0+493+63b41e36', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.21-1.module_el8.2.0+493+63b41e36', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.21-1.module_el8.2.0+493+63b41e36', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.21-1.module_el8.2.0+493+63b41e36', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.21-1.module_el8.2.0+493+63b41e36', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.21-1.module_el8.2.0+493+63b41e36', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.21-1.module_el8.2.0+493+63b41e36', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-ipadic / mecab-ipadic-EUCJP / mysql / mysql-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-15T15:42:36", "description": "The remote host is affected by the vulnerability described in GLSA-202105-27 (MySQL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.\n Impact :\n\n An attacker could possibly execute arbitrary code with the privileges of the process, escalate privileges, gain access to critical data or complete access to all MySQL server accessible data, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2022-01-24T00:00:00", "type": "nessus", "title": "GLSA-202105-27 : MySQL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2938", "CVE-2019-2974", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14564", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14591", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14626", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14672", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14760", "CVE-2020-14765", "CVE-2020-14769", "CVE-2020-14771", "CVE-2020-14773", "CVE-2020-14775", "CVE-2020-14776", "CVE-2020-14777", "CVE-2020-14785", "CVE-2020-14786", "CVE-2020-14789", "CVE-2020-14790", "CVE-2020-14791", "CVE-2020-14793", "CVE-2020-14794", "CVE-2020-14799", "CVE-2020-14800", "CVE-2020-14804", "CVE-2020-14809", "CVE-2020-14812", "CVE-2020-14814", "CVE-2020-14821", "CVE-2020-14827", "CVE-2020-14828", "CVE-2020-14829", "CVE-2020-14830", "CVE-2020-14836", "CVE-2020-14837", "CVE-2020-14838", "CVE-2020-14839", "CVE-2020-14844", "CVE-2020-14845", "CVE-2020-14846", "CVE-2020-14848", "CVE-2020-14852", "CVE-2020-14853", "CVE-2020-14860", "CVE-2020-14861", "CVE-2020-14866", "CVE-2020-14867", "CVE-2020-14868", "CVE-2020-14869", "CVE-2020-14870", "CVE-2020-14873", "CVE-2020-14878", "CVE-2020-14888", "CVE-2020-14891", "CVE-2020-14893", "CVE-2020-2570", "CVE-2020-2572", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2768", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2790", "CVE-2020-2804", "CVE-2020-2806", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2875", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2020-2933", "CVE-2020-2934", "CVE-2021-1998", "CVE-2021-2001", "CVE-2021-2002", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2010", "CVE-2021-2011", "CVE-2021-2012", "CVE-2021-2014", "CVE-2021-2016", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2021", "CVE-2021-2022", "CVE-2021-2024", "CVE-2021-2028", "CVE-2021-2030", "CVE-2021-2031", "CVE-2021-2032", "CVE-2021-2036", "CVE-2021-2038", "CVE-2021-2042", "CVE-2021-2046", "CVE-2021-2048", "CVE-2021-2055", "CVE-2021-2056", "CVE-2021-2058", "CVE-2021-2060", "CVE-2021-2061", "CVE-2021-2065", "CVE-2021-2070", "CVE-2021-2072", "CVE-2021-2076", "CVE-2021-2081", "CVE-2021-2087", "CVE-2021-2088", "CVE-2021-2122", "CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2180"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mysql", "p-cpe:/a:gentoo:linux:mysql-connector-c", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202105-27.NASL", "href": "https://www.tenable.com/plugins/nessus/156994", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202105-27.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(156994);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-2938\", \"CVE-2019-2974\", \"CVE-2020-14539\", \"CVE-2020-14540\", \"CVE-2020-14547\", \"CVE-2020-14550\", \"CVE-2020-14553\", \"CVE-2020-14559\", \"CVE-2020-14564\", \"CVE-2020-14567\", \"CVE-2020-14568\", \"CVE-2020-14575\", \"CVE-2020-14576\", \"CVE-2020-14586\", \"CVE-2020-14591\", \"CVE-2020-14597\", \"CVE-2020-14614\", \"CVE-2020-14619\", \"CVE-2020-14620\", \"CVE-2020-14623\", \"CVE-2020-14624\", \"CVE-2020-14626\", \"CVE-2020-14631\", \"CVE-2020-14632\", \"CVE-2020-14633\", \"CVE-2020-14634\", \"CVE-2020-14641\", \"CVE-2020-14643\", \"CVE-2020-14651\", \"CVE-2020-14654\", \"CVE-2020-14656\", \"CVE-2020-14663\", \"CVE-2020-14672\", \"CVE-2020-14678\", \"CVE-2020-14680\", \"CVE-2020-14697\", \"CVE-2020-14702\", \"CVE-2020-14725\", \"CVE-2020-14760\", \"CVE-2020-14765\", \"CVE-2020-14769\", \"CVE-2020-14771\", \"CVE-2020-14773\", \"CVE-2020-14775\", \"CVE-2020-14776\", \"CVE-2020-14777\", \"CVE-2020-14785\", \"CVE-2020-14786\", \"CVE-2020-14789\", \"CVE-2020-14790\", \"CVE-2020-14791\", \"CVE-2020-14793\", \"CVE-2020-14794\", \"CVE-2020-14799\", \"CVE-2020-14800\", \"CVE-2020-14804\", \"CVE-2020-14809\", \"CVE-2020-14812\", \"CVE-2020-14814\", \"CVE-2020-14821\", \"CVE-2020-14827\", \"CVE-2020-14828\", \"CVE-2020-14829\", \"CVE-2020-14830\", \"CVE-2020-14836\", \"CVE-2020-14837\", \"CVE-2020-14838\", \"CVE-2020-14839\", \"CVE-2020-14844\", \"CVE-2020-14845\", \"CVE-2020-14846\", \"CVE-2020-14848\", \"CVE-2020-14852\", \"CVE-2020-14853\", \"CVE-2020-14860\", \"CVE-2020-14861\", \"CVE-2020-14866\", \"CVE-2020-14867\", \"CVE-2020-14868\", \"CVE-2020-14869\", \"CVE-2020-14870\", \"CVE-2020-14873\", \"CVE-2020-14878\", \"CVE-2020-14888\", \"CVE-2020-14891\", \"CVE-2020-14893\", \"CVE-2020-2570\", \"CVE-2020-2572\", \"CVE-2020-2573\", \"CVE-2020-2574\", \"CVE-2020-2577\", \"CVE-2020-2579\", \"CVE-2020-2580\", \"CVE-2020-2584\", \"CVE-2020-2588\", \"CVE-2020-2589\", \"CVE-2020-2627\", \"CVE-2020-2660\", \"CVE-2020-2679\", \"CVE-2020-2686\", \"CVE-2020-2694\", \"CVE-2020-2752\", \"CVE-2020-2759\", \"CVE-2020-2760\", \"CVE-2020-2761\", \"CVE-2020-2762\", \"CVE-2020-2763\", \"CVE-2020-2765\", \"CVE-2020-2768\", \"CVE-2020-2770\", \"CVE-2020-2774\", \"CVE-2020-2779\", \"CVE-2020-2780\", \"CVE-2020-2790\", \"CVE-2020-2804\", \"CVE-2020-2806\", \"CVE-2020-2812\", \"CVE-2020-2814\", \"CVE-2020-2853\", \"CVE-2020-2875\", \"CVE-2020-2892\", \"CVE-2020-2893\", \"CVE-2020-2895\", \"CVE-2020-2896\", \"CVE-2020-2897\", \"CVE-2020-2898\", \"CVE-2020-2901\", \"CVE-2020-2903\", \"CVE-2020-2904\", \"CVE-2020-2921\", \"CVE-2020-2922\", \"CVE-2020-2923\", \"CVE-2020-2924\", \"CVE-2020-2925\", \"CVE-2020-2926\", \"CVE-2020-2928\", \"CVE-2020-2930\", \"CVE-2020-2933\", \"CVE-2020-2934\", \"CVE-2021-1998\", \"CVE-2021-2001\", \"CVE-2021-2002\", \"CVE-2021-2006\", \"CVE-2021-2007\", \"CVE-2021-2009\", \"CVE-2021-2010\", \"CVE-2021-2011\", \"CVE-2021-2012\", \"CVE-2021-2014\", \"CVE-2021-2016\", \"CVE-2021-2019\", \"CVE-2021-2020\", \"CVE-2021-2021\", \"CVE-2021-2022\", \"CVE-2021-2024\", \"CVE-2021-2028\", \"CVE-2021-2030\", \"CVE-2021-2031\", \"CVE-2021-2032\", \"CVE-2021-2036\", \"CVE-2021-2038\", \"CVE-2021-2042\", \"CVE-2021-2046\", \"CVE-2021-2048\", \"CVE-2021-2055\", \"CVE-2021-2056\", \"CVE-2021-2058\", \"CVE-2021-2060\", \"CVE-2021-2061\", \"CVE-2021-2065\", \"CVE-2021-2070\", \"CVE-2021-2072\", \"CVE-2021-2076\", \"CVE-2021-2081\", \"CVE-2021-2087\", \"CVE-2021-2088\", \"CVE-2021-2122\", \"CVE-2021-2154\", \"CVE-2021-2166\", \"CVE-2021-2180\");\n script_xref(name:\"GLSA\", value:\"202105-27\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"GLSA-202105-27 : MySQL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202105-27\n(MySQL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MySQL. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n An attacker could possibly execute arbitrary code with the privileges of\n the process, escalate privileges, gain access to critical data or\n complete access to all MySQL server accessible data, or cause a Denial of\n Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202105-27\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All MySQL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.7.34'\n All mysql users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mysql-8.0.24'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14878\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mysql-connector-c\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/mysql\", unaffected:make_list(\"ge 5.7.34\", \"ge 8.0.24\"), vulnerable:make_list(\"lt 8.0.24\"))) flag++;\nif (qpkg_check(package:\"dev-db/mysql-connector-c\", unaffected:make_list(\"ge 8.0.24\"), vulnerable:make_list(\"lt 8.0.24\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MySQL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2023-05-10T15:43:26", "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-10T04:51:09", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: community-mysql-8.0.20-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "modified": "2020-05-10T04:51:09", "id": "FEDORA:DCA0F6051CEF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2023-05-10T15:43:26", "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-10T04:34:04", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: community-mysql-8.0.20-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "modified": "2020-05-10T04:34:04", "id": "FEDORA:56E9E608ECFD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2023-05-10T15:43:26", "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-10T03:50:08", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: community-mysql-8.0.20-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "modified": "2020-05-10T03:50:08", "id": "FEDORA:E0D0C605DCCC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-06-13T16:08:16", "description": "\n\nOracle reports:\n\nThis Critical Patch Update contains 45 new security patches for\n\t Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable\n\t without authentication, i.e., may be exploited over a network without\n\t requiring user credentials.\nMariaDB reports 4 of these vulnerabilities exist in their software\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-14T00:00:00", "type": "freebsd", "title": "MySQL Server -- Multiple vulerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1547", "CVE-2019-15601", "CVE-2019-5482", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2768", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2790", "CVE-2020-2804", "CVE-2020-2806", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "modified": "2020-05-16T00:00:00", "id": "21D59EA3-8559-11EA-A5E2-D4C9EF517024", "href": "https://vuxml.freebsd.org/freebsd/21d59ea3-8559-11ea-a5e2-d4c9ef517024.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2023-02-27T21:50:13", "description": "## Summary\n\nIBM API Connect has addressed the following vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2763](<https://vulners.com/cve/CVE-2020-2763>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Replication component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179663](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179663>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2897](<https://vulners.com/cve/CVE-2020-2897>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179795](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179795>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2925](<https://vulners.com/cve/CVE-2020-2925>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: PS component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179820](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179820>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2903](<https://vulners.com/cve/CVE-2020-2903>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Connection Handling component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179801](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179801>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2762](<https://vulners.com/cve/CVE-2020-2762>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2759](<https://vulners.com/cve/CVE-2020-2759>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Replication component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179659](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179659>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2892](<https://vulners.com/cve/CVE-2020-2892>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179790](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179790>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2926](<https://vulners.com/cve/CVE-2020-2926>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Group Replication GCS component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179821](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179821>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2761](<https://vulners.com/cve/CVE-2020-2761>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2768](<https://vulners.com/cve/CVE-2020-2768>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Cluster Cluster: General component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179668](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179668>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H) \n \n** CVEID: **[CVE-2020-2806](<https://vulners.com/cve/CVE-2020-2806>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Compiling component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179704](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179704>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2922](<https://vulners.com/cve/CVE-2020-2922>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Client C API component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179817](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179817>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-2814](<https://vulners.com/cve/CVE-2020-2814>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179712](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179712>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2790](<https://vulners.com/cve/CVE-2020-2790>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Pluggable Auth component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2779](<https://vulners.com/cve/CVE-2020-2779>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2904](<https://vulners.com/cve/CVE-2020-2904>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179802](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179802>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2780](<https://vulners.com/cve/CVE-2020-2780>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179680](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179680>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2930](<https://vulners.com/cve/CVE-2020-2930>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Parser component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179825](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179825>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2804](<https://vulners.com/cve/CVE-2020-2804>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Memcached component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179702>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2921](<https://vulners.com/cve/CVE-2020-2921>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Group Replication Plugin component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179816](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179816>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2770](<https://vulners.com/cve/CVE-2020-2770>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Logging component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179670](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179670>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2774](<https://vulners.com/cve/CVE-2020-2774>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179674](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179674>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2875](<https://vulners.com/cve/CVE-2020-2875>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Connectors Connector/J component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179773](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179773>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2928](<https://vulners.com/cve/CVE-2020-2928>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179823>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2898](<https://vulners.com/cve/CVE-2020-2898>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Charsets component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179796](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179796>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2896](<https://vulners.com/cve/CVE-2020-2896>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Information Schema component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179794](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179794>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2923](<https://vulners.com/cve/CVE-2020-2923>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179818](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179818>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2901](<https://vulners.com/cve/CVE-2020-2901>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179799](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179799>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2760](<https://vulners.com/cve/CVE-2020-2760>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H) \n \n** CVEID: **[CVE-2020-2853](<https://vulners.com/cve/CVE-2020-2853>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179751](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179751>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2895](<https://vulners.com/cve/CVE-2020-2895>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179793](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179793>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2765](<https://vulners.com/cve/CVE-2020-2765>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179665](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179665>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2893](<https://vulners.com/cve/CVE-2020-2893>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179791](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179791>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2924](<https://vulners.com/cve/CVE-2020-2924>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179819](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179819>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2812](<https://vulners.com/cve/CVE-2020-2812>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Stored Procedure component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179710>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2933](<https://vulners.com/cve/CVE-2020-2933>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Connectors Connector/J component could allow an authenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 2.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179828](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179828>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2934](<https://vulners.com/cve/CVE-2020-2934>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Connectors Connector/J component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179829](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179829>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAPI Connect| V2018.4.1.0-2018.4.1.12 \nAPI Connect| V10.0.0 \n \n## Remediation/Fixes\n\nAffected Product| Addressed in VRMF| APAR| Remediation/First Fix \n---|---|---|--- \n \nIBM API Connect \n\nV2018.4.1.0-2018.4.1.12\n\n| 2018.4.1.13| \n\nLI81610\n\n| \n\nAddressed in IBM API Connect V2018.4.1.13.\n\nDeveloper Portal is impacted. \n\nFollow this link and find the image appropriate for your installation.\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.12&platform=All&function=all&source=fc> \"\" ) \n \nIBM API Connect \n\nV10.0.0\n\n| \n\nIBM API Connect \n\nV10.0.1\n\n| \n\nLI81610\n\n| \n\nAddressed in IBM API Connect V10.0.1 \n \nDeveloper Portal is impacted. \n \nFollow this link and find the image appropriate for your installation. \n[http://www.ibm.com/support/fixcentral/swg/quickorder](<https://www.ibm.com/support/pages/node/6339249> \"http://www.ibm.com/support/fixcentral/swg/quickorder\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-06T21:09:57", "type": "ibm", "title": "Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in MySQL.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2768", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2790", "CVE-2020-2804", "CVE-2020-2806", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2875", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2020-10-06T21:09:57", "id": "A1A0398B401BEF610025984C15ACCDF1EDCBAE78A78A09063FD3B2A4DE512BFD", "href": "https://www.ibm.com/support/pages/node/6324761", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "photon": [{"lastseen": "2023-09-24T15:02:54", "description": "Updates of ['linux-secure', 'mysql', 'linux', 'linux-aws', 'nxtgn-openssl', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-22T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-3.0-0082", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2791", "CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2920", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-11494", "CVE-2020-11565", "CVE-2020-11608", "CVE-2020-11609", "CVE-2020-11668", "CVE-2020-12657", "CVE-2020-14381", "CVE-2020-1967", "CVE-2020-2570", "CVE-2020-2572", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2768", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "modified": "2020-04-22T00:00:00", "id": "PHSA-2020-3.0-0082", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-82", "cvss": {"score": 5.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:C"}}, {"lastseen": "2022-05-12T18:49:08", "description": "Updates of ['linux-esx', 'nxtgn-openssl', 'linux', 'mysql', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-22T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0082", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2791", "CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2920", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-11494", "CVE-2020-11565", "CVE-2020-11608", "CVE-2020-11609", "CVE-2020-11668", "CVE-2020-12657", "CVE-2020-14381", "CVE-2020-1967", "CVE-2020-2570", "CVE-2020-2572", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2768", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "modified": "2020-04-22T00:00:00", "id": "PHSA-2020-0082", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-82", "cvss": {"score": 5.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:C"}}], "oraclelinux": [{"lastseen": "2021-12-31T00:28:06", "description": "mysql\n[8.0.21-1]\n- Rebase to 8.0.21\n- Use bundled libzstd and libevent for RHSCL and RHEL-8.0.0\n- Check that we have correct versions in bundled(*) Provides\n- Remove re2 bundled dependency\n[8.0.20-1]\n- Rebase to 8.0.20\n[8.0.19-2]\n- Specify all perl dependencies\n[8.0.19-1]\n- Rebase to 8.0.19\n[8.0.18-1]\n- Rebase to 8.0.18\n- Add libzstd-devel dependencies\n- Include patch to build against protobuf 3.11", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-09-16T00:00:00", "type": "oraclelinux", "title": "mysql:8.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "modified": "2020-09-16T00:00:00", "id": "ELSA-2020-3732", "href": "http://linux.oracle.com/errata/ELSA-2020-3732.html", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "almalinux": [{"lastseen": "2023-06-13T17:13:32", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.21).\n\nSecurity Fix(es):\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n* mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n* mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n* mysql: Server: Logging unspecified vulnerability (CVE-2020-2770)\n\n* mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804)\n\n* mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2020-2896, CVE-2020-14559, CVE-2020-2694)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2020-2903)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2020-2921)\n\n* mysql: Server: Group Replication GCS unspecified vulnerability (CVE-2020-2926)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553)\n\n* mysql: Server: UDF unspecified vulnerability (CVE-2020-14576)\n\n* mysql: Server: JSON unspecified vulnerability (CVE-2020-14624)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n* mysql: Server: Locking unspecified vulnerability (CVE-2020-14656)\n\n* mysql: Information Schema unspecified vulnerability (CVE-2019-2911)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-14T12:23:24", "type": "almalinux", "title": "Important: mysql:8.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930"], "modified": "2020-09-14T12:23:24", "id": "ALSA-2020:3732", "href": "https://errata.almalinux.org/8/ALSA-2020-3732.html", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2023-08-04T12:27:59", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.21).\n\nSecurity Fix(es):\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n* mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n* mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n* mysql: Server: Logging unspecified vulnerability (CVE-2020-2770)\n\n* mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804)\n\n* mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2020-2896, CVE-2020-14559, CVE-2020-2694)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2020-2903)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2020-2921)\n\n* mysql: Server: Group Replication GCS unspecified vulnerability (CVE-2020-2926)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553)\n\n* mysql: Server: UDF unspecified vulnerability (CVE-2020-14576)\n\n* mysql: Server: JSON unspecified vulnerability (CVE-2020-14624)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n* mysql: Server: Locking unspecified vulnerability (CVE-2020-14656)\n\n* mysql: Information Schema unspecified vulnerability (CVE-2019-2911)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-15T16:04:48", "type": "redhat", "title": "(RHSA-2020:3755) Important: mysql:8.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2021-1998", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2012", "CVE-2021-2016", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2144", "CVE-2021-2160"], "modified": "2021-04-23T08:31:02", "id": "RHSA-2020:3755", "href": "https://access.redhat.com/errata/RHSA-2020:3755", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-08-04T12:27:59", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.21).\n\nSecurity Fix(es):\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n* mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n* mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n* mysql: Server: Logging unspecified vulnerability (CVE-2020-2770)\n\n* mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804)\n\n* mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2020-2896, CVE-2020-14559, CVE-2020-2694)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2020-2903)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2020-2921)\n\n* mysql: Server: Group Replication GCS unspecified vulnerability (CVE-2020-2926)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553)\n\n* mysql: Server: UDF unspecified vulnerability (CVE-2020-14576)\n\n* mysql: Server: JSON unspecified vulnerability (CVE-2020-14624)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n* mysql: Server: Locking unspecified vulnerability (CVE-2020-14656)\n\n* mysql: Information Schema unspecified vulnerability (CVE-2019-2911)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-15T18:10:12", "type": "redhat", "title": "(RHSA-2020:3757) Important: mysql:8.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2021-1998", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2012", "CVE-2021-2016", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2144", "CVE-2021-2160"], "modified": "2021-04-23T08:31:04", "id": "RHSA-2020:3757", "href": "https://access.redhat.com/errata/RHSA-2020:3757", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-08-04T12:27:59", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. \n\nThe following packages have been upgraded to a later upstream version: rh-mysql80-mysql (8.0.21).\n\nSecurity Fix(es):\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n* mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n* mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n* mysql: Server: Logging unspecified vulnerability (CVE-2020-2770)\n\n* mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804)\n\n* mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2020-2896, CVE-2020-14559, CVE-2020-2694)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2020-2903)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2020-2921)\n\n* mysql: Server: Group Replication GCS unspecified vulnerability (CVE-2020-2926)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553)\n\n* mysql: Server: UDF unspecified vulnerability (CVE-2020-14576)\n\n* mysql: Server: JSON unspecified vulnerability (CVE-2020-14624)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n* mysql: Server: Locking unspecified vulnerability (CVE-2020-14656)\n\n* mysql: Information Schema unspecified vulnerability (CVE-2019-2911)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-19T13:45:28", "type": "redhat", "title": "(RHSA-2020:3518) Important: rh-mysql80-mysql security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2021-1998", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2012", "CVE-2021-2016", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2144", "CVE-2021-2160"], "modified": "2021-04-23T08:37:51", "id": "RHSA-2020:3518", "href": "https://access.redhat.com/errata/RHSA-2020:3518", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-08-04T12:27:59", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.21).\n\nSecurity Fix(es):\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n* mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n* mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n* mysql: Server: Logging unspecified vulnerability (CVE-2020-2770)\n\n* mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804)\n\n* mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2020-2896, CVE-2020-14559, CVE-2020-2694)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2020-2903)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2020-2921)\n\n* mysql: Server: Group Replication GCS unspecified vulnerability (CVE-2020-2926)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553)\n\n* mysql: Server: UDF unspecified vulnerability (CVE-2020-14576)\n\n* mysql: Server: JSON unspecified vulnerability (CVE-2020-14624)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n* mysql: Server: Locking unspecified vulnerability (CVE-2020-14656)\n\n* mysql: Information Schema unspecified vulnerability (CVE-2019-2911)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-14T12:23:24", "type": "redhat", "title": "(RHSA-2020:3732) Important: mysql:8.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2021-1998", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2012", "CVE-2021-2016", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2144", "CVE-2021-2160"], "modified": "2021-04-23T08:31:03", "id": "RHSA-2020:3732", "href": "https://access.redhat.com/errata/RHSA-2020:3732", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "rocky": [{"lastseen": "2023-07-24T17:30:17", "description": "An update is available for mecab-ipadic, mecab, mysql.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nMySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.21).\n\nSecurity Fix(es):\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)\n\n* mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)\n\n* mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)\n\n* mysql: Server: Logging unspecified vulnerability (CVE-2020-2770)\n\n* mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804)\n\n* mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2020-2896, CVE-2020-14559, CVE-2020-2694)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2020-2903)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2020-2921)\n\n* mysql: Server: Group Replication GCS unspecified vulnerability (CVE-2020-2926)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553)\n\n* mysql: Server: UDF unspecified vulnerability (CVE-2020-14576)\n\n* mysql: Server: JSON unspecified vulnerability (CVE-2020-14624)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)\n\n* mysql: Server: Locking unspecified vulnerability (CVE-2020-14656)\n\n* mysql: Information Schema unspecified vulnerability (CVE-2019-2911)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-14T12:23:24", "type": "rocky", "title": "mysql:8.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2911", "CVE-2019-2914", "CVE-2019-2938", "CVE-2019-2946", "CVE-2019-2957", "CVE-2019-2960", "CVE-2019-2963", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2974", "CVE-2019-2982", "CVE-2019-2991", "CVE-2019-2993", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-3004", "CVE-2019-3009", "CVE-2019-3011", "CVE-2019-3018", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14799", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2804", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2021-1998", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2012", "CVE-2021-2016", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2144", "CVE-2021-2160"], "modified": "2020-09-14T12:23:24", "id": "RLSA-2020:3732", "href": "https://errata.rockylinux.org/RLSA-2020:3732", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2023-06-13T16:27:17", "description": "### Background\n\nMySQL is a popular multi-threaded, multi-user SQL server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn attacker could possibly execute arbitrary code with the privileges of the process, escalate privileges, gain access to critical data or complete access to all MySQL server accessible data, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MySQL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.7.34\"\n \n\nAll mysql users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-8.0.24\"", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-26T00:00:00", "type": "gentoo", "title": "MySQL: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.7, "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2938", "CVE-2019-2974", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14564", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14591", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14626", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14672", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14760", "CVE-2020-14765", "CVE-2020-14769", "CVE-2020-14771", "CVE-2020-14773", "CVE-2020-14775", "CVE-2020-14776", "CVE-2020-14777", "CVE-2020-14785", "CVE-2020-14786", "CVE-2020-14789", "CVE-2020-14790", "CVE-2020-14791", "CVE-2020-14793", "CVE-2020-14794", "CVE-2020-14799", "CVE-2020-14800", "CVE-2020-14804", "CVE-2020-14809", "CVE-2020-14812", "CVE-2020-14814", "CVE-2020-14821", "CVE-2020-14827", "CVE-2020-14828", "CVE-2020-14829", "CVE-2020-14830", "CVE-2020-14836", "CVE-2020-14837", "CVE-2020-14838", "CVE-2020-14839", "CVE-2020-14844", "CVE-2020-14845", "CVE-2020-14846", "CVE-2020-14848", "CVE-2020-14852", "CVE-2020-14853", "CVE-2020-14860", "CVE-2020-14861", "CVE-2020-14866", "CVE-2020-14867", "CVE-2020-14868", "CVE-2020-14869", "CVE-2020-14870", "CVE-2020-14873", "CVE-2020-14878", "CVE-2020-14888", "CVE-2020-14891", "CVE-2020-14893", "CVE-2020-2570", "CVE-2020-2572", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2768", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2790", "CVE-2020-2804", "CVE-2020-2806", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2875", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2020-2933", "CVE-2020-2934", "CVE-2021-1998", "CVE-2021-2001", "CVE-2021-2002", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2010", "CVE-2021-2011", "CVE-2021-2012", "CVE-2021-2014", "CVE-2021-2016", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2021", "CVE-2021-2022", "CVE-2021-2024", "CVE-2021-2028", "CVE-2021-2030", "CVE-2021-2031", "CVE-2021-2032", "CVE-2021-2036", "CVE-2021-2038", "CVE-2021-2042", "CVE-2021-2046", "CVE-2021-2048", "CVE-2021-2055", "CVE-2021-2056", "CVE-2021-2058", "CVE-2021-2060", "CVE-2021-2061", "CVE-2021-2065", "CVE-2021-2070", "CVE-2021-2072", "CVE-2021-2076", "CVE-2021-2081", "CVE-2021-2087", "CVE-2021-2088", "CVE-2021-2122", "CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2180"], "modified": "2021-05-26T00:00:00", "id": "GLSA-202105-27", "href": "https://security.gentoo.org/glsa/202105-27", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2023-09-23T15:51:54", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 399 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2652714.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-04-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - April 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0254", "CVE-2015-1832", "CVE-2015-3253", "CVE-2015-7940", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-10244", "CVE-2016-10251", "CVE-2016-10328", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-3092", "CVE-2016-4000", "CVE-2016-4463", "CVE-2016-6306", "CVE-2016-6489", "CVE-2016-7103", "CVE-2016-8610", "CVE-2017-12626", "CVE-2017-13745", "CVE-2017-14232", "CVE-2017-14735", "CVE-2017-15706", "CVE-2017-3160", "CVE-2017-5130", "CVE-2017-5529", "CVE-2017-5533", "CVE-2017-5645", "CVE-2017-5754", "CVE-2017-7857", "CVE-2017-7858", "CVE-2017-7864", "CVE-2017-8105", "CVE-2017-8287", "CVE-2018-0732", "CVE-2018-0734", "CVE-2018-0737", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000632", "CVE-2018-1000873", "CVE-2018-10237", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-1165", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-11797", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1258", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-1320", "CVE-2018-1336", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-17197", "CVE-2018-18227", "CVE-2018-18311", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-19539", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19542", "CVE-2018-19543", "CVE-2018-19622", "CVE-2018-19623", "CVE-2018-19624", "CVE-2018-19625", "CVE-2018-19626", "CVE-2018-19627", "CVE-2018-19628", "CVE-2018-20346", "CVE-2018-20506", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2018-20843", "CVE-2018-20852", "CVE-2018-5407", "CVE-2018-5711", "CVE-2018-5712", "CVE-2018-6942", "CVE-2018-8014", "CVE-2018-8032", "CVE-2018-8034", "CVE-2018-8036", "CVE-2018-8037", "CVE-2018-8039", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0199", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0221", "CVE-2019-0222", "CVE-2019-0227", "CVE-2019-0228", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10086", "CVE-2019-10088", "CVE-2019-10092", "CVE-2019-10093", "CVE-2019-10094", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-1010238", "CVE-2019-10173", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12387", "CVE-2019-12402", "CVE-2019-12406", "CVE-2019-12415", "CVE-2019-12418", "CVE-2019-12419", "CVE-2019-12855", "CVE-2019-13057", "CVE-2019-13565", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14821", "CVE-2019-14889", "CVE-2019-15161", "CVE-2019-15162", "CVE-2019-15163", "CVE-2019-15164", "CVE-2019-15165", "CVE-2019-1543", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-15601", "CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-1563", "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-16168", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17195", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-17563", "CVE-2019-17571", "CVE-2019-18197", "CVE-2019-19242", "CVE-2019-19244", "CVE-2019-19269", "CVE-2019-19317", "CVE-2019-19553", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19926", "CVE-2019-19959", "CVE-2019-20218", "CVE-2019-20330", "CVE-2019-2412", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2756", "CVE-2019-2759", "CVE-2019-2852", "CVE-2019-2853", "CVE-2019-2878", "CVE-2019-2880", "CVE-2019-2899", "CVE-2019-2904", "CVE-2019-3008", "CVE-2019-5427", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-8457", "CVE-2019-9517", "CVE-2019-9579", "CVE-2020-2514", "CVE-2020-2522", "CVE-2020-2524", "CVE-2020-2553", "CVE-2020-2558", "CVE-2020-2575", "CVE-2020-2578", "CVE-2020-2594", "CVE-2020-2680", "CVE-2020-2706", "CVE-2020-2733", "CVE-2020-2734", "CVE-2020-2735", "CVE-2020-2737", "CVE-2020-2738", "CVE-2020-2739", "CVE-2020-2740", "CVE-2020-2741", "CVE-2020-2742", "CVE-2020-2743", "CVE-2020-2744", "CVE-2020-2745", "CVE-2020-2746", "CVE-2020-2747", "CVE-2020-2748", "CVE-2020-2749", "CVE-2020-2750", "CVE-2020-2751", "CVE-2020-2752", "CVE-2020-2753", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2758", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2764", "CVE-2020-2765", "CVE-2020-2766", "CVE-2020-2767", "CVE-2020-2768", "CVE-2020-2769", "CVE-2020-2770", "CVE-2020-2771", "CVE-2020-2772", "CVE-2020-2773", "CVE-2020-2774", "CVE-2020-2775", "CVE-2020-2776", "CVE-2020-2777", "CVE-2020-2778", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2781", "CVE-2020-2782", "CVE-2020-2783", "CVE-2020-2784", "CVE-2020-2785", "CVE-2020-2786", "CVE-2020-2787", "CVE-2020-2789", "CVE-2020-2790", "CVE-2020-2791", "CVE-2020-2793", "CVE-2020-2794", "CVE-2020-2795", "CVE-2020-2796", "CVE-2020-2797", "CVE-2020-2798", "CVE-2020-2799", "CVE-2020-2800", "CVE-2020-2801", "CVE-2020-2802", "CVE-2020-2803", "CVE-2020-2804", "CVE-2020-2805", "CVE-2020-2806", "CVE-2020-2807", "CVE-2020-2808", "CVE-2020-2809", "CVE-2020-2810", "CVE-2020-2811", "CVE-2020-2812", "CVE-2020-2813", "CVE-2020-2814", "CVE-2020-2815", "CVE-2020-2816", "CVE-2020-2817", "CVE-2020-2818", "CVE-2020-2819", "CVE-2020-2820", "CVE-2020-2821", "CVE-2020-2822", "CVE-2020-2823", "CVE-2020-2824", "CVE-2020-2825", "CVE-2020-2826", "CVE-2020-2827", "CVE-2020-2828", "CVE-2020-2829", "CVE-2020-2830", "CVE-2020-2831", "CVE-2020-2832", "CVE-2020-2833", "CVE-2020-2834", "CVE-2020-2835", "CVE-2020-2836", "CVE-2020-2837", "CVE-2020-2838", "CVE-2020-2839", "CVE-2020-2840", "CVE-2020-2841", "CVE-2020-2842", "CVE-2020-2843", "CVE-2020-2844", "CVE-2020-2845", "CVE-2020-2846", "CVE-2020-2847", "CVE-2020-2848", "CVE-2020-2849", "CVE-2020-2850", "CVE-2020-2851", "CVE-2020-2852", "CVE-2020-2853", "CVE-2020-2854", "CVE-2020-2855", "CVE-2020-2856", "CVE-2020-2857", "CVE-2020-2858", "CVE-2020-2859", "CVE-2020-2860", "CVE-2020-2861", "CVE-2020-2862", "CVE-2020-2863", "CVE-2020-2864", "CVE-2020-2865", "CVE-2020-2866", "CVE-2020-2867", "CVE-2020-2868", "CVE-2020-2869", "CVE-2020-2870", "CVE-2020-2871", "CVE-2020-2872", "CVE-2020-2873", "CVE-2020-2874", "CVE-2020-2875", "CVE-2020-2876", "CVE-2020-2877", "CVE-2020-2878", "CVE-2020-2879", "CVE-2020-2880", "CVE-2020-2881", "CVE-2020-2882", "CVE-2020-2883", "CVE-2020-2884", "CVE-2020-2885", "CVE-2020-2886", "CVE-2020-2887", "CVE-2020-2888", "CVE-2020-2889", "CVE-2020-2890", "CVE-2020-2891", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2894", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2899", "CVE-2020-2900", "CVE-2020-2901", "CVE-2020-2902", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2905", "CVE-2020-2906", "CVE-2020-2907", "CVE-2020-2908", "CVE-2020-2909", "CVE-2020-2910", "CVE-2020-2911", "CVE-2020-2912", "CVE-2020-2913", "CVE-2020-2914", "CVE-2020-2915", "CVE-2020-2920", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2927", "CVE-2020-2928", "CVE-2020-2929", "CVE-2020-2930", "CVE-2020-2931", "CVE-2020-2932", "CVE-2020-2933", "CVE-2020-2934", "CVE-2020-2935", "CVE-2020-2936", "CVE-2020-2937", "CVE-2020-2938", "CVE-2020-2939", "CVE-2020-2940", "CVE-2020-2941", "CVE-2020-2942", "CVE-2020-2943", "CVE-2020-2944", "CVE-2020-2945", "CVE-2020-2946", "CVE-2020-2947", "CVE-2020-2949", "CVE-2020-2950", "CVE-2020-2951", "CVE-2020-2952", "CVE-2020-2953", "CVE-2020-2954", "CVE-2020-2955", "CVE-2020-2956", "CVE-2020-2958", "CVE-2020-2959", "CVE-2020-2961", "CVE-2020-2963", "CVE-2020-2964", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-7044", "CVE-2020-8840"], "modified": "2020-07-20T00:00:00", "id": "ORACLE:CPUAPR2020", "href": "https://www.oracle.com/security-alerts/cpuapr2020.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
CVE-2020-2895
