ID F5:K43540241
Type f5
Reporter f5
Modified 2019-04-25T07:09:00
Description
F5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.
None
{"id": "F5:K43540241", "bulletinFamily": "software", "title": "MySQL vulnerabilities CVE-2019-2620, CVE-2019-2623, CVE-2019-2624, CVE-2019-2625, and CVE-2019-2626", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "published": "2019-04-25T07:09:00", "modified": "2019-04-25T07:09:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "href": "https://support.f5.com/csp/article/K43540241", "reporter": "f5", "references": [], "cvelist": ["CVE-2019-2624", "CVE-2019-2623", "CVE-2019-2620", "CVE-2019-2626", "CVE-2019-2625"], "type": "f5", "lastseen": "2020-04-06T22:40:42", "edition": 1, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-2623", "CVE-2019-2620", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2624"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310876745", "OPENVAS:1361412562310876754", "OPENVAS:1361412562310142401", "OPENVAS:1361412562310142400"]}, {"type": "nessus", "idList": ["PHOTONOS_PHSA-2019-3_0-0015_MYSQL.NASL", "FEDORA_2019-96516CE0AC.NASL", "REDHAT-RHSA-2019-2511.NASL", "FEDORA_2019-C106E46A95.NASL", "MYSQL_8_0_16.NASL", "ORACLELINUX_ELSA-2019-2511.NASL"]}, {"type": "redhat", "idList": ["RHSA-2019:2511", "RHSA-2019:2484"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2511"]}, {"type": "fedora", "idList": ["FEDORA:DD3AE60954BE", "FEDORA:A29B160972B0"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2019", "ORACLE:CPUAPR2019-5072813"]}], "modified": "2020-04-06T22:40:42", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2020-04-06T22:40:42", "rev": 2}, "vulnersScore": 5.3}, "affectedSoftware": []}
{"cve": [{"lastseen": "2020-12-09T21:41:51", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "edition": 10, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-23T19:32:00", "title": "CVE-2019-2623", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2623"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:mysql:8.0.15"], "id": "CVE-2019-2623", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2623", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:51", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 10, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-23T19:32:00", "title": "CVE-2019-2624", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2624"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:mysql:8.0.15"], "id": "CVE-2019-2624", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2624", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:51", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 10, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-23T19:32:00", "title": "CVE-2019-2626", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2626"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:mysql:8.0.15"], "id": "CVE-2019-2626", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2626", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:51", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 11, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-23T19:32:00", "title": "CVE-2019-2620", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2620"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:mysql:8.0.15"], "id": "CVE-2019-2620", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2620", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:51", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "edition": 10, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-23T19:32:00", "title": "CVE-2019-2625", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2625"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:mysql:8.0.15"], "id": "CVE-2019-2625", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2625", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:32:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2688", "CVE-2019-2634", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2685", "CVE-2019-2587", "CVE-2019-2689", "CVE-2019-2596", "CVE-2019-2695", "CVE-2019-2624", "CVE-2019-2681", "CVE-2019-2580", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2623", "CVE-2019-2589", "CVE-2019-2691", "CVE-2019-2694", "CVE-2019-2630", "CVE-2019-2636", "CVE-2019-2693", "CVE-2019-2631", "CVE-2019-2635", "CVE-2019-2644", "CVE-2019-2607", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2626", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2625"], "description": "Oracle MySQL is prone to multiple vulnerabilities.", "modified": "2019-05-20T00:00:00", "published": "2019-05-13T00:00:00", "id": "OPENVAS:1361412562310142401", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142401", "type": "openvas", "title": "Oracle MySQL 8.0.x < 8.0.16 Security Update (2019-5072813) - Windows", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142401\");\n script_version(\"2019-05-20T12:55:29+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-20 12:55:29 +0000 (Mon, 20 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-13 09:51:44 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_cve_id(\"CVE-2019-2693\", \"CVE-2019-2694\", \"CVE-2019-2695\", \"CVE-2019-2623\", \"CVE-2019-2630\",\n \"CVE-2019-2634\", \"CVE-2019-2580\", \"CVE-2019-2585\", \"CVE-2019-2593\", \"CVE-2019-2624\",\n \"CVE-2019-2626\", \"CVE-2019-2644\", \"CVE-2019-2631\", \"CVE-2019-2596\", \"CVE-2019-2607\",\n \"CVE-2019-2625\", \"CVE-2019-2681\", \"CVE-2019-2685\", \"CVE-2019-2686\", \"CVE-2019-2687\",\n \"CVE-2019-2688\", \"CVE-2019-2689\", \"CVE-2019-2587\", \"CVE-2019-2635\", \"CVE-2019-2584\",\n \"CVE-2019-2589\", \"CVE-2019-2606\", \"CVE-2019-2620\", \"CVE-2019-2691\", \"CVE-2019-2636\",\n \"CVE-2019-2617\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL 8.0.x < 8.0.16 Security Update (2019-5072813) - Windows\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The attacks range in variety and difficulty. Most of them allow an attacker\n with network access via multiple protocols to compromise the MySQL Server.\n\n For further information refer to the official advisory via the referenced link.\");\n\n script_tag(name:\"affected\", value:\"MySQL 8.0.15 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 8.0.16 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.15\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.16\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2688", "CVE-2019-2634", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2685", "CVE-2019-2587", "CVE-2019-2689", "CVE-2019-2596", "CVE-2019-2695", "CVE-2019-2624", "CVE-2019-2681", "CVE-2019-2580", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2692", "CVE-2019-2589", "CVE-2019-2691", "CVE-2019-2694", "CVE-2019-2630", "CVE-2019-2636", "CVE-2019-2693", "CVE-2019-2631", "CVE-2019-2635", "CVE-2019-2644", "CVE-2019-2607", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2626", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2625"], "description": "Oracle MySQL is prone to multiple vulnerabilities.", "modified": "2019-05-13T00:00:00", "published": "2019-05-13T00:00:00", "id": "OPENVAS:1361412562310142400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142400", "type": "openvas", "title": "Oracle MySQL 8.0.x < 8.0.16 Security Update (2019-5072813) - Linux", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142400\");\n script_version(\"2019-05-13T13:15:15+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-13 13:15:15 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-13 09:38:08 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_cve_id(\"CVE-2019-2693\", \"CVE-2019-2694\", \"CVE-2019-2695\", \"CVE-2019-2692\", \"CVE-2019-2630\",\n \"CVE-2019-2634\", \"CVE-2019-2580\", \"CVE-2019-2585\", \"CVE-2019-2593\", \"CVE-2019-2624\",\n \"CVE-2019-2626\", \"CVE-2019-2644\", \"CVE-2019-2631\", \"CVE-2019-2596\", \"CVE-2019-2607\",\n \"CVE-2019-2625\", \"CVE-2019-2681\", \"CVE-2019-2685\", \"CVE-2019-2686\", \"CVE-2019-2687\",\n \"CVE-2019-2688\", \"CVE-2019-2689\", \"CVE-2019-2587\", \"CVE-2019-2635\", \"CVE-2019-2584\",\n \"CVE-2019-2589\", \"CVE-2019-2606\", \"CVE-2019-2620\", \"CVE-2019-2691\", \"CVE-2019-2636\",\n \"CVE-2019-2617\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL 8.0.x < 8.0.16 Security Update (2019-5072813) - Linux\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The attacks range in variety and difficulty. Most of them allow an attacker\n with network access via multiple protocols to compromise the MySQL Server.\n\n For further information refer to the official advisory via the referenced link.\");\n\n script_tag(name:\"affected\", value:\"MySQL 8.0.15 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 8.0.16 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.15\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.16\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-09-06T18:49:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2740", "CVE-2019-2587", "CVE-2019-2614", "CVE-2019-2784", "CVE-2019-2596", "CVE-2019-2785", "CVE-2019-2580", "CVE-2019-2758", "CVE-2019-2778", "CVE-2019-2789", "CVE-2019-2737", "CVE-2019-2752", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2738", "CVE-2019-2757", "CVE-2019-2739", "CVE-2019-2774", "CVE-2019-2607", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2780", "CVE-2019-2584", "CVE-2019-2755", "CVE-2019-2585"], "description": "The remote host is missing an update for the ", "modified": "2019-09-05T00:00:00", "published": "2019-09-05T00:00:00", "id": "OPENVAS:1361412562310876754", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876754", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2019-c106e46a95", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876754\");\n script_version(\"2019-09-05T09:53:24+0000\");\n script_cve_id(\"CVE-2019-2580\", \"CVE-2019-2581\", \"CVE-2019-2584\", \"CVE-2019-2585\", \"CVE-2019-2587\", \"CVE-2019-2589\", \"CVE-2019-2592\", \"CVE-2019-2593\", \"CVE-2019-2596\", \"CVE-2019-2606\", \"CVE-2019-2607\", \"CVE-2019-2614\", \"CVE-2019-2617\", \"CVE-2019-2620\", \"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2752\", \"CVE-2019-2755\", \"CVE-2019-2757\", \"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2785\", \"CVE-2019-2789\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-05 09:53:24 +0000 (Thu, 05 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-05 02:27:07 +0000 (Thu, 05 Sep 2019)\");\n script_name(\"Fedora Update for community-mysql FEDORA-2019-c106e46a95\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-c106e46a95\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the FEDORA-2019-c106e46a95 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\nclient/server implementation consisting of a server daemon (mysqld)\nand many different client programs and libraries. The base package\ncontains the standard MySQL client programs and generic MySQL files.\");\n\n script_tag(name:\"affected\", value:\"'community-mysql' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~8.0.17~2.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-09-06T18:49:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-3170", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2740", "CVE-2019-2529", "CVE-2019-2532", "CVE-2019-2587", "CVE-2018-3137", "CVE-2018-3174", "CVE-2018-3203", "CVE-2019-2614", "CVE-2019-2784", "CVE-2019-2596", "CVE-2019-2785", "CVE-2019-2494", "CVE-2018-3280", "CVE-2018-3247", "CVE-2019-2531", "CVE-2019-2580", "CVE-2019-2528", "CVE-2018-3285", "CVE-2019-2434", "CVE-2018-3282", "CVE-2019-2758", "CVE-2018-3145", "CVE-2018-3133", "CVE-2018-3182", "CVE-2019-2486", "CVE-2019-2482", "CVE-2019-2778", "CVE-2019-2789", "CVE-2018-3144", "CVE-2019-2737", "CVE-2018-3212", "CVE-2019-2530", "CVE-2018-3173", "CVE-2018-3187", "CVE-2018-3276", "CVE-2018-3156", "CVE-2019-2420", "CVE-2019-2752", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2536", "CVE-2019-2738", "CVE-2018-3161", "CVE-2018-3251", "CVE-2019-2537", "CVE-2019-2539", "CVE-2018-3155", "CVE-2019-2436", "CVE-2019-2534", "CVE-2019-2757", "CVE-2019-2510", "CVE-2019-2502", "CVE-2018-3279", "CVE-2019-2535", "CVE-2018-3284", "CVE-2019-2739", "CVE-2018-3162", "CVE-2018-3278", "CVE-2018-3186", "CVE-2018-3171", "CVE-2018-3143", "CVE-2019-2774", "CVE-2018-3277", "CVE-2019-2607", "CVE-2019-2507", "CVE-2019-2533", "CVE-2018-3185", "CVE-2019-2503", "CVE-2019-2620", "CVE-2019-2593", "CVE-2018-3283", "CVE-2018-3286", "CVE-2019-2495", "CVE-2019-2780", "CVE-2018-3200", "CVE-2019-2584", "CVE-2018-3195", "CVE-2019-2755", "CVE-2019-2585", "CVE-2019-2481", "CVE-2019-2455"], "description": "The remote host is missing an update for the ", "modified": "2019-09-05T00:00:00", "published": "2019-09-05T00:00:00", "id": "OPENVAS:1361412562310876745", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876745", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2019-96516ce0ac", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876745\");\n script_version(\"2019-09-05T09:53:24+0000\");\n script_cve_id(\"CVE-2019-2420\", \"CVE-2019-2434\", \"CVE-2019-2436\", \"CVE-2019-2455\", \"CVE-2019-2481\", \"CVE-2019-2482\", \"CVE-2019-2486\", \"CVE-2019-2494\", \"CVE-2019-2495\", \"CVE-2019-2502\", \"CVE-2019-2503\", \"CVE-2019-2507\", \"CVE-2019-2510\", \"CVE-2019-2528\", \"CVE-2019-2529\", \"CVE-2019-2530\", \"CVE-2019-2531\", \"CVE-2019-2532\", \"CVE-2019-2533\", \"CVE-2019-2534\", \"CVE-2019-2535\", \"CVE-2019-2536\", \"CVE-2019-2537\", \"CVE-2019-2539\", \"CVE-2018-3276\", \"CVE-2018-3200\", \"CVE-2018-3137\", \"CVE-2018-3284\", \"CVE-2018-3195\", \"CVE-2018-3173\", \"CVE-2018-3212\", \"CVE-2018-3279\", \"CVE-2018-3162\", \"CVE-2018-3247\", \"CVE-2018-3156\", \"CVE-2018-3161\", \"CVE-2018-3278\", \"CVE-2018-3174\", \"CVE-2018-3282\", \"CVE-2018-3285\", \"CVE-2018-3187\", \"CVE-2018-3277\", \"CVE-2018-3144\", \"CVE-2018-3145\", \"CVE-2018-3170\", \"CVE-2018-3186\", \"CVE-2018-3182\", \"CVE-2018-3133\", \"CVE-2018-3143\", \"CVE-2018-3283\", \"CVE-2018-3171\", \"CVE-2018-3251\", \"CVE-2018-3286\", \"CVE-2018-3185\", \"CVE-2018-3280\", \"CVE-2018-3203\", \"CVE-2018-3155\", \"CVE-2019-2580\", \"CVE-2019-2581\", \"CVE-2019-2584\", \"CVE-2019-2585\", \"CVE-2019-2587\", \"CVE-2019-2589\", \"CVE-2019-2592\", \"CVE-2019-2593\", \"CVE-2019-2596\", \"CVE-2019-2606\", \"CVE-2019-2607\", \"CVE-2019-2614\", \"CVE-2019-2617\", \"CVE-2019-2620\", \"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2752\", \"CVE-2019-2755\", \"CVE-2019-2757\", \"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2785\", \"CVE-2019-2789\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-05 09:53:24 +0000 (Thu, 05 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-05 02:24:26 +0000 (Thu, 05 Sep 2019)\");\n script_name(\"Fedora Update for community-mysql FEDORA-2019-96516ce0ac\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-96516ce0ac\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the FEDORA-2019-96516ce0ac advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\nclient/server implementation consisting of a server daemon (mysqld)\nand many different client programs and libraries. The base package\ncontains the standard MySQL client programs and generic MySQL files.\");\n\n script_tag(name:\"affected\", value:\"'community-mysql' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~8.0.17~2.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-01T01:08:32", "description": "An update of the mysql package has been released.", "edition": 17, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-24T00:00:00", "title": "Photon OS 3.0: Mysql PHSA-2019-3.0-0015", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2688", "CVE-2019-2634", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2685", "CVE-2019-2683", "CVE-2019-2587", "CVE-2019-2614", "CVE-2019-2689", "CVE-2019-2596", "CVE-2019-2695", "CVE-2019-2624", "CVE-2019-2681", "CVE-2019-2580", "CVE-2019-2566", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2623", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2691", "CVE-2019-2694", "CVE-2019-2630", "CVE-2019-2636", "CVE-2019-2693", "CVE-2019-2631", "CVE-2019-2632", "CVE-2019-2628", "CVE-2019-2635", "CVE-2019-2644", "CVE-2019-2627", "CVE-2019-2607", "CVE-2019-11815", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2626", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2625"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:mysql", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0015_MYSQL.NASL", "href": "https://www.tenable.com/plugins/nessus/126117", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0015. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126117);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/09\");\n\n script_cve_id(\n \"CVE-2019-2566\",\n \"CVE-2019-2580\",\n \"CVE-2019-2581\",\n \"CVE-2019-2584\",\n \"CVE-2019-2585\",\n \"CVE-2019-2587\",\n \"CVE-2019-2589\",\n \"CVE-2019-2592\",\n \"CVE-2019-2593\",\n \"CVE-2019-2596\",\n \"CVE-2019-2606\",\n \"CVE-2019-2607\",\n \"CVE-2019-2614\",\n \"CVE-2019-2617\",\n \"CVE-2019-2620\",\n \"CVE-2019-2623\",\n \"CVE-2019-2624\",\n \"CVE-2019-2625\",\n \"CVE-2019-2626\",\n \"CVE-2019-2627\",\n \"CVE-2019-2628\",\n \"CVE-2019-2630\",\n \"CVE-2019-2631\",\n \"CVE-2019-2632\",\n \"CVE-2019-2634\",\n \"CVE-2019-2635\",\n \"CVE-2019-2636\",\n \"CVE-2019-2644\",\n \"CVE-2019-2681\",\n \"CVE-2019-2683\",\n \"CVE-2019-2685\",\n \"CVE-2019-2686\",\n \"CVE-2019-2687\",\n \"CVE-2019-2688\",\n \"CVE-2019-2689\",\n \"CVE-2019-2691\",\n \"CVE-2019-2693\",\n \"CVE-2019-2694\",\n \"CVE-2019-2695\"\n );\n script_bugtraq_id(\n 107913,\n 107924,\n 107927,\n 107928\n );\n\n script_name(english:\"Photon OS 3.0: Mysql PHSA-2019-3.0-0015\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the mysql package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0015.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"mysql-8.0.16-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"mysql-debuginfo-8.0.16-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"mysql-devel-8.0.16-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T16:25:00", "description": "The version of MySQL running on the remote host is 8.0.x prior to\n8.0.16. It is, therefore, affected by multiple vulnerabilities,\nincluding four of the top vulnerabilities below, as noted in the\nApril 2019 and July 2019 Critical Patch Update advisories:\n\n - An unspecified vulnerability in the 'Server: Packaging\n (cURL)' subcomponent could allow an unauthenticated\n attacker to gain complete control of an affected instance\n of MySQL Server. (CVE-2019-3822)\n\n - An unspecified vulnerability in the 'Server: Pluggable\n Auth' subcomponent could allow an unauthenticated\n attacker to gain complete access to all MySQL Server\n accessible data. (CVE-2019-2632)\n\n - Multiple denial of service vulnerabilities exist in the\n 'Server: Optimizer' subcomponent and could allow a low\n priviledged attacker to cause the server to hang or to,\n via a frequently repeatable crash, cause a complete\n denial of service. (CVE-2019-2693, CVE-2019-2694,\n CVE-2019-2695)\n\n - An unspecified vulnerability in the\n 'Server: Compiling (OpenSSL)' subcomponent could allow\n an unauthenticated attacker to gain complete access to\n all MySQL Server accessible data. (CVE-2019-1559)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\n", "edition": 10, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-18T00:00:00", "title": "MySQL 8.0.x < 8.0.16 Multiple Vulnerabilities (Apr 2019 CPU) (Jul 2019 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2688", "CVE-2019-2634", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2685", "CVE-2019-2683", "CVE-2019-2798", "CVE-2019-2587", "CVE-2019-2614", "CVE-2019-2689", "CVE-2019-2596", "CVE-2019-2695", "CVE-2019-2624", "CVE-2019-2681", "CVE-2019-2580", "CVE-2019-3823", "CVE-2019-2566", "CVE-2019-2686", "CVE-2019-2687", "CVE-2018-16890", "CVE-2019-2623", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2691", "CVE-2019-2694", "CVE-2019-2630", "CVE-2019-2636", "CVE-2019-2693", "CVE-2019-2631", "CVE-2019-2632", "CVE-2019-2628", "CVE-2019-2635", "CVE-2019-2644", "CVE-2019-2627", "CVE-2019-2607", "CVE-2019-1559", "CVE-2019-3822", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2626", "CVE-2019-2584", "CVE-2019-2755", "CVE-2019-2585", "CVE-2019-2625"], "modified": "2019-04-18T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_8_0_16.NASL", "href": "https://www.tenable.com/plugins/nessus/124160", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124160);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/17\");\n\n script_cve_id(\n \"CVE-2019-1559\",\n \"CVE-2019-2566\",\n \"CVE-2019-2580\",\n \"CVE-2019-2581\",\n \"CVE-2019-2584\",\n \"CVE-2019-2585\",\n \"CVE-2019-2587\",\n \"CVE-2019-2589\",\n \"CVE-2019-2592\",\n \"CVE-2019-2593\",\n \"CVE-2019-2596\",\n \"CVE-2019-2606\",\n \"CVE-2019-2607\",\n \"CVE-2019-2614\",\n \"CVE-2019-2617\",\n \"CVE-2019-2620\",\n \"CVE-2019-2623\",\n \"CVE-2019-2624\",\n \"CVE-2019-2625\",\n \"CVE-2019-2626\",\n \"CVE-2019-2627\",\n \"CVE-2019-2628\",\n \"CVE-2019-2630\",\n \"CVE-2019-2631\",\n \"CVE-2019-2632\",\n \"CVE-2019-2634\",\n \"CVE-2019-2635\",\n \"CVE-2019-2636\",\n \"CVE-2019-2644\",\n \"CVE-2019-2681\",\n \"CVE-2019-2683\",\n \"CVE-2019-2685\",\n \"CVE-2019-2686\",\n \"CVE-2019-2687\",\n \"CVE-2019-2688\",\n \"CVE-2019-2689\",\n \"CVE-2019-2691\",\n \"CVE-2019-2693\",\n \"CVE-2019-2694\",\n \"CVE-2019-2695\",\n \"CVE-2019-2755\",\n \"CVE-2019-2798\",\n \"CVE-2019-3822\",\n \"CVE-2018-16890\",\n \"CVE-2019-3823\"\n );\n script_bugtraq_id(\n 106950,\n 107174,\n 107913,\n 107924,\n 107927,\n 107928,\n 109259,\n 109260\n );\n\n script_name(english:\"MySQL 8.0.x < 8.0.16 Multiple Vulnerabilities (Apr 2019 CPU) (Jul 2019 CPU)\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 8.0.x prior to\n8.0.16. It is, therefore, affected by multiple vulnerabilities,\nincluding four of the top vulnerabilities below, as noted in the\nApril 2019 and July 2019 Critical Patch Update advisories:\n\n - An unspecified vulnerability in the 'Server: Packaging\n (cURL)' subcomponent could allow an unauthenticated\n attacker to gain complete control of an affected instance\n of MySQL Server. (CVE-2019-3822)\n\n - An unspecified vulnerability in the 'Server: Pluggable\n Auth' subcomponent could allow an unauthenticated\n attacker to gain complete access to all MySQL Server\n accessible data. (CVE-2019-2632)\n\n - Multiple denial of service vulnerabilities exist in the\n 'Server: Optimizer' subcomponent and could allow a low\n priviledged attacker to cause the server to hang or to,\n via a frequently repeatable crash, cause a complete\n denial of service. (CVE-2019-2693, CVE-2019-2694,\n CVE-2019-2695)\n\n - An unspecified vulnerability in the\n 'Server: Compiling (OpenSSL)' subcomponent could allow\n an unauthenticated attacker to gain complete access to\n all MySQL Server accessible data. (CVE-2019-1559)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\n\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-16.html\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e6252734\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 8.0.16 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3822\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'8.0.16', min:'8.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:46:32", "description": "From Red Hat Security Advisory 2019:2511 :\n\nAn update for the mysql:8.0 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version:\nmysql (8.0.17).\n\nSecurity Fix(es) :\n\n* mysql: Server: Replication multiple unspecified vulnerabilities\n(CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534,\nCVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634,\nCVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities\n(CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529,\nCVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607,\nCVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686,\nCVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693,\nCVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774,\nCVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808,\nCVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830,\nCVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities\n(CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities\n(CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified\nvulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533,\nCVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620,\nCVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811,\nCVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities\n(CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626,\nCVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502,\nCVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593,\nCVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785,\nCVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability\n(CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities\n(CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities\n(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability\n(CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability\n(CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities\n(CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability\n(CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability\n(CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability\n(CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 18, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-08-20T00:00:00", "title": "Oracle Linux 8 : mysql:8.0 (ELSA-2019-2511)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2688", "CVE-2019-2634", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2685", "CVE-2019-2740", "CVE-2019-2683", "CVE-2019-2529", "CVE-2019-2532", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-2587", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2019-2614", "CVE-2019-2784", "CVE-2019-2879", "CVE-2019-2689", "CVE-2019-2596", "CVE-2019-2948", "CVE-2019-2785", "CVE-2019-2494", "CVE-2019-2695", "CVE-2019-2624", "CVE-2019-3003", "CVE-2019-2531", "CVE-2019-2681", "CVE-2019-2580", "CVE-2019-2528", "CVE-2019-2808", "CVE-2019-2434", "CVE-2019-2758", "CVE-2019-2830", "CVE-2019-2805", "CVE-2019-2686", "CVE-2019-2486", "CVE-2019-2810", "CVE-2019-2482", "CVE-2019-2778", "CVE-2019-2826", "CVE-2019-2789", "CVE-2019-2687", "CVE-2019-2737", "CVE-2019-2530", "CVE-2019-2420", "CVE-2019-2950", "CVE-2019-2623", "CVE-2019-2752", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2691", "CVE-2019-2536", "CVE-2019-2738", "CVE-2019-2803", "CVE-2019-2537", "CVE-2019-2694", "CVE-2019-2630", "CVE-2019-2539", "CVE-2019-2636", "CVE-2019-2693", "CVE-2019-2436", "CVE-2019-2534", "CVE-2019-2631", "CVE-2019-2757", "CVE-2019-2510", "CVE-2019-2502", "CVE-2019-2815", "CVE-2019-2796", "CVE-2019-2535", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2628", "CVE-2019-2635", "CVE-2019-2644", "CVE-2019-2627", "CVE-2019-2774", "CVE-2019-2812", "CVE-2019-2607", "CVE-2019-2507", "CVE-2019-2533", "CVE-2019-2503", "CVE-2019-2800", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2626", "CVE-2019-2495", "CVE-2019-2780", "CVE-2019-2834", "CVE-2019-2584", "CVE-2019-2819", "CVE-2019-2755", "CVE-2019-2801", "CVE-2019-2585", "CVE-2019-2625", "CVE-2019-2481", "CVE-2019-2455", "CVE-2019-2969"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:mecab-ipadic", "p-cpe:/a:oracle:linux:mecab-ipadic-EUCJP", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:oracle:linux:mysql-devel", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:mysql-common", "p-cpe:/a:oracle:linux:mysql-libs", "p-cpe:/a:oracle:linux:mysql-errmsg", "p-cpe:/a:oracle:linux:mysql-test", "p-cpe:/a:oracle:linux:mecab", "p-cpe:/a:oracle:linux:mysql-server"], "id": "ORACLELINUX_ELSA-2019-2511.NASL", "href": "https://www.tenable.com/plugins/nessus/127983", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2511 and \n# Oracle Linux Security Advisory ELSA-2019-2511 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127983);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-2420\", \"CVE-2019-2434\", \"CVE-2019-2436\", \"CVE-2019-2455\", \"CVE-2019-2481\", \"CVE-2019-2482\", \"CVE-2019-2486\", \"CVE-2019-2494\", \"CVE-2019-2495\", \"CVE-2019-2502\", \"CVE-2019-2503\", \"CVE-2019-2507\", \"CVE-2019-2510\", \"CVE-2019-2528\", \"CVE-2019-2529\", \"CVE-2019-2530\", \"CVE-2019-2531\", \"CVE-2019-2532\", \"CVE-2019-2533\", \"CVE-2019-2534\", \"CVE-2019-2535\", \"CVE-2019-2536\", \"CVE-2019-2537\", \"CVE-2019-2539\", \"CVE-2019-2580\", \"CVE-2019-2581\", \"CVE-2019-2584\", \"CVE-2019-2585\", \"CVE-2019-2587\", \"CVE-2019-2589\", \"CVE-2019-2592\", \"CVE-2019-2593\", \"CVE-2019-2596\", \"CVE-2019-2606\", \"CVE-2019-2607\", \"CVE-2019-2614\", \"CVE-2019-2617\", \"CVE-2019-2620\", \"CVE-2019-2623\", \"CVE-2019-2624\", \"CVE-2019-2625\", \"CVE-2019-2626\", \"CVE-2019-2627\", \"CVE-2019-2628\", \"CVE-2019-2630\", \"CVE-2019-2631\", \"CVE-2019-2634\", \"CVE-2019-2635\", \"CVE-2019-2636\", \"CVE-2019-2644\", \"CVE-2019-2681\", \"CVE-2019-2683\", \"CVE-2019-2685\", \"CVE-2019-2686\", \"CVE-2019-2687\", \"CVE-2019-2688\", \"CVE-2019-2689\", \"CVE-2019-2691\", \"CVE-2019-2693\", \"CVE-2019-2694\", \"CVE-2019-2695\", \"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2752\", \"CVE-2019-2755\", \"CVE-2019-2757\", \"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2785\", \"CVE-2019-2789\", \"CVE-2019-2795\", \"CVE-2019-2796\", \"CVE-2019-2797\", \"CVE-2019-2798\", \"CVE-2019-2800\", \"CVE-2019-2801\", \"CVE-2019-2802\", \"CVE-2019-2803\", \"CVE-2019-2805\", \"CVE-2019-2808\", \"CVE-2019-2810\", \"CVE-2019-2811\", \"CVE-2019-2812\", \"CVE-2019-2814\", \"CVE-2019-2815\", \"CVE-2019-2819\", \"CVE-2019-2826\", \"CVE-2019-2830\", \"CVE-2019-2834\", \"CVE-2019-2879\", \"CVE-2019-2948\", \"CVE-2019-2950\", \"CVE-2019-2969\", \"CVE-2019-3003\");\n script_xref(name:\"RHSA\", value:\"2019:2511\");\n\n script_name(english:\"Oracle Linux 8 : mysql:8.0 (ELSA-2019-2511)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:2511 :\n\nAn update for the mysql:8.0 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version:\nmysql (8.0.17).\n\nSecurity Fix(es) :\n\n* mysql: Server: Replication multiple unspecified vulnerabilities\n(CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534,\nCVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634,\nCVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities\n(CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529,\nCVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607,\nCVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686,\nCVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693,\nCVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774,\nCVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808,\nCVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830,\nCVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities\n(CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities\n(CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified\nvulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533,\nCVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620,\nCVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811,\nCVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities\n(CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626,\nCVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502,\nCVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593,\nCVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785,\nCVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability\n(CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities\n(CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities\n(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability\n(CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability\n(CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities\n(CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability\n(CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability\n(CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability\n(CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-August/009076.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql:8.0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2819\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mecab-0.996-1.module+el8.0.0+5253+1dce7bb2.9\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mecab-ipadic-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mecab-ipadic-EUCJP-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-common-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-devel-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-errmsg-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-libs-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-server-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-test-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mecab / mecab-ipadic / mecab-ipadic-EUCJP / mysql / mysql-common / etc\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-05-23T03:51:50", "description": "An update for the mysql:8.0 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version:\nmysql (8.0.17).\n\nSecurity Fix(es) :\n\n* mysql: Server: Replication multiple unspecified vulnerabilities\n(CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534,\nCVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634,\nCVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities\n(CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529,\nCVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607,\nCVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686,\nCVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693,\nCVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774,\nCVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808,\nCVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830,\nCVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities\n(CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities\n(CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified\nvulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533,\nCVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620,\nCVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811,\nCVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities\n(CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626,\nCVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502,\nCVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593,\nCVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785,\nCVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability\n(CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities\n(CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities\n(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability\n(CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability\n(CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities\n(CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability\n(CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability\n(CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability\n(CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 12, "cvss3": {"score": 5.5, "vector": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-08-20T00:00:00", "title": "RHEL 8 : mysql:8.0 (RHSA-2019:2511)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2688", "CVE-2019-2634", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2685", "CVE-2019-2740", "CVE-2019-2683", "CVE-2019-2529", "CVE-2019-2532", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-2587", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2019-2614", "CVE-2019-2784", "CVE-2019-2879", "CVE-2019-2689", "CVE-2019-2596", "CVE-2019-2948", "CVE-2019-2785", "CVE-2019-2494", "CVE-2019-2695", "CVE-2019-2624", "CVE-2019-3003", "CVE-2019-2531", "CVE-2019-2681", "CVE-2019-2580", "CVE-2019-2528", "CVE-2019-2808", "CVE-2019-2434", "CVE-2019-2758", "CVE-2019-2830", "CVE-2019-2805", "CVE-2019-2686", "CVE-2019-2486", "CVE-2019-2810", "CVE-2019-2482", "CVE-2019-2778", "CVE-2019-2826", "CVE-2019-2789", "CVE-2019-2687", "CVE-2019-2737", "CVE-2019-2530", "CVE-2019-2420", "CVE-2019-2950", "CVE-2019-2623", "CVE-2019-2752", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2691", "CVE-2019-2536", "CVE-2019-2738", "CVE-2019-2803", "CVE-2019-2537", "CVE-2019-2694", "CVE-2019-2630", "CVE-2019-2539", "CVE-2019-2636", "CVE-2019-2693", "CVE-2019-2436", "CVE-2019-2534", "CVE-2019-2631", "CVE-2019-2757", "CVE-2019-2510", "CVE-2019-2502", "CVE-2019-2815", "CVE-2019-2796", "CVE-2019-2535", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2628", "CVE-2019-2635", "CVE-2019-2644", "CVE-2019-2627", "CVE-2019-2774", "CVE-2019-2812", "CVE-2019-2607", "CVE-2019-2507", "CVE-2019-2533", "CVE-2019-2503", "CVE-2019-2800", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2626", "CVE-2019-2495", "CVE-2019-2780", "CVE-2019-2834", "CVE-2019-2584", "CVE-2019-2819", "CVE-2019-2755", "CVE-2019-2801", "CVE-2019-2585", "CVE-2019-2625", "CVE-2019-2481", "CVE-2019-2455", "CVE-2019-2969"], "modified": "2019-08-20T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mysql-errmsg", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic", "p-cpe:/a:redhat:enterprise_linux:mysql-debugsource", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mecab", "p-cpe:/a:redhat:enterprise_linux:mecab-debugsource", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "p-cpe:/a:redhat:enterprise_linux:mysql-test", "p-cpe:/a:redhat:enterprise_linux:mysql-common", "p-cpe:/a:redhat:enterprise_linux:mysql-libs", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8.0", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "REDHAT-RHSA-2019-2511.NASL", "href": "https://www.tenable.com/plugins/nessus/127991", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2511. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127991);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/22\");\n\n script_cve_id(\"CVE-2019-2420\", \"CVE-2019-2434\", \"CVE-2019-2436\", \"CVE-2019-2455\", \"CVE-2019-2481\", \"CVE-2019-2482\", \"CVE-2019-2486\", \"CVE-2019-2494\", \"CVE-2019-2495\", \"CVE-2019-2502\", \"CVE-2019-2503\", \"CVE-2019-2507\", \"CVE-2019-2510\", \"CVE-2019-2528\", \"CVE-2019-2529\", \"CVE-2019-2530\", \"CVE-2019-2531\", \"CVE-2019-2532\", \"CVE-2019-2533\", \"CVE-2019-2534\", \"CVE-2019-2535\", \"CVE-2019-2536\", \"CVE-2019-2537\", \"CVE-2019-2539\", \"CVE-2019-2580\", \"CVE-2019-2581\", \"CVE-2019-2584\", \"CVE-2019-2585\", \"CVE-2019-2587\", \"CVE-2019-2589\", \"CVE-2019-2592\", \"CVE-2019-2593\", \"CVE-2019-2596\", \"CVE-2019-2606\", \"CVE-2019-2607\", \"CVE-2019-2614\", \"CVE-2019-2617\", \"CVE-2019-2620\", \"CVE-2019-2623\", \"CVE-2019-2624\", \"CVE-2019-2625\", \"CVE-2019-2626\", \"CVE-2019-2627\", \"CVE-2019-2628\", \"CVE-2019-2630\", \"CVE-2019-2631\", \"CVE-2019-2634\", \"CVE-2019-2635\", \"CVE-2019-2636\", \"CVE-2019-2644\", \"CVE-2019-2681\", \"CVE-2019-2683\", \"CVE-2019-2685\", \"CVE-2019-2686\", \"CVE-2019-2687\", \"CVE-2019-2688\", \"CVE-2019-2689\", \"CVE-2019-2691\", \"CVE-2019-2693\", \"CVE-2019-2694\", \"CVE-2019-2695\", \"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2752\", \"CVE-2019-2755\", \"CVE-2019-2757\", \"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2785\", \"CVE-2019-2789\", \"CVE-2019-2795\", \"CVE-2019-2796\", \"CVE-2019-2797\", \"CVE-2019-2798\", \"CVE-2019-2800\", \"CVE-2019-2801\", \"CVE-2019-2802\", \"CVE-2019-2803\", \"CVE-2019-2805\", \"CVE-2019-2808\", \"CVE-2019-2810\", \"CVE-2019-2811\", \"CVE-2019-2812\", \"CVE-2019-2814\", \"CVE-2019-2815\", \"CVE-2019-2819\", \"CVE-2019-2826\", \"CVE-2019-2830\", \"CVE-2019-2834\", \"CVE-2019-2879\", \"CVE-2019-2948\", \"CVE-2019-2950\", \"CVE-2019-2969\", \"CVE-2019-3003\");\n script_xref(name:\"RHSA\", value:\"2019:2511\");\n\n script_name(english:\"RHEL 8 : mysql:8.0 (RHSA-2019:2511)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for the mysql:8.0 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version:\nmysql (8.0.17).\n\nSecurity Fix(es) :\n\n* mysql: Server: Replication multiple unspecified vulnerabilities\n(CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534,\nCVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634,\nCVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities\n(CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529,\nCVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607,\nCVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686,\nCVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693,\nCVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774,\nCVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808,\nCVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830,\nCVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities\n(CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities\n(CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified\nvulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533,\nCVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620,\nCVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811,\nCVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities\n(CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626,\nCVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502,\nCVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593,\nCVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785,\nCVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability\n(CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities\n(CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities\n(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability\n(CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability\n(CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities\n(CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability\n(CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability\n(CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability\n(CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-2969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3003\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2819\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nappstreams = {\n 'mysql:8.0': [\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'s390x', 'release':'8'},\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'s390x', 'release':'8'},\n {'reference':'mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-common-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-common-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-common-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-debugsource-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-debugsource-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-debugsource-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-devel-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-devel-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-devel-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-errmsg-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-errmsg-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-errmsg-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-libs-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-libs-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-libs-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-server-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-server-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-server-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-test-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-test-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-test-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'}\n ],\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-debugsource / mecab-ipadic / etc');\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T02:26:19", "description": "**MySQL 8.0.17**\n\nThis update brings the latest MySQL 8.0.17 which fixes severe security\nissues. Now available as both a standard package and a module!\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-17.html\n\nMainatiner notes :\n\n - The MySQL Modules are now built from the same sources as\n the base packages, so the should be identical\n\n - The package is now being built with number of standard\n Fedora build flags that has not been used before. The\n package should be now more stable and secure.\n\n - In Modules, the bug #1729133 still exists\n\n - The MySQL 5.7 and 5.6 Modules may exists, but I'm out of\n capacity to maintain them. Whenever possible upgrade to\n MySQL 8.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 5.4, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}, "published": "2019-09-04T00:00:00", "title": "Fedora 29 : community-mysql (2019-96516ce0ac)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2740", "CVE-2019-2587", "CVE-2019-2614", "CVE-2019-2784", "CVE-2019-2596", "CVE-2019-2785", "CVE-2019-2580", "CVE-2019-2758", "CVE-2019-2778", "CVE-2019-2789", "CVE-2019-2737", "CVE-2019-2752", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2738", "CVE-2019-2757", "CVE-2019-2739", "CVE-2019-2774", "CVE-2019-2607", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2780", "CVE-2019-2584", "CVE-2019-2755", "CVE-2019-2585"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:community-mysql"], "id": "FEDORA_2019-96516CE0AC.NASL", "href": "https://www.tenable.com/plugins/nessus/128484", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-96516ce0ac.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128484);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-2580\", \"CVE-2019-2581\", \"CVE-2019-2584\", \"CVE-2019-2585\", \"CVE-2019-2587\", \"CVE-2019-2589\", \"CVE-2019-2592\", \"CVE-2019-2593\", \"CVE-2019-2596\", \"CVE-2019-2606\", \"CVE-2019-2607\", \"CVE-2019-2614\", \"CVE-2019-2617\", \"CVE-2019-2620\", \"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2752\", \"CVE-2019-2755\", \"CVE-2019-2757\", \"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2785\", \"CVE-2019-2789\");\n script_xref(name:\"FEDORA\", value:\"2019-96516ce0ac\");\n\n script_name(english:\"Fedora 29 : community-mysql (2019-96516ce0ac)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**MySQL 8.0.17**\n\nThis update brings the latest MySQL 8.0.17 which fixes severe security\nissues. Now available as both a standard package and a module!\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-17.html\n\nMainatiner notes :\n\n - The MySQL Modules are now built from the same sources as\n the base packages, so the should be identical\n\n - The package is now being built with number of standard\n Fedora build flags that has not been used before. The\n package should be now more stable and secure.\n\n - In Modules, the bug #1729133 still exists\n\n - The MySQL 5.7 and 5.6 Modules may exists, but I'm out of\n capacity to maintain them. Whenever possible upgrade to\n MySQL 8.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-96516ce0ac\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2778\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"community-mysql-8.0.17-2.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-01-01T02:27:24", "description": "**MySQL 8.0.17**\n\nThis update brings the latest MySQL 8.0.17 which fixes severe security\nissues. Now available as both a standard package and a module!\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-17.html\n\nMainatiner notes :\n\n - The MySQL Modules are now built from the same sources as\n the base packages, so the should be identical\n\n - The package is now being built with number of standard\n Fedora build flags that has not been used before. The\n package should be now more stable and secure.\n\n - In Modules, the bug #1729133 still exists\n\n - The MySQL 5.7 and 5.6 Modules may exists, but I'm out of\n capacity to maintain them. Whenever possible upgrade to\n MySQL 8.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 5.4, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}, "published": "2019-09-04T00:00:00", "title": "Fedora 30 : community-mysql (2019-c106e46a95)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2740", "CVE-2019-2587", "CVE-2019-2614", "CVE-2019-2784", "CVE-2019-2596", "CVE-2019-2785", "CVE-2019-2580", "CVE-2019-2758", "CVE-2019-2778", "CVE-2019-2789", "CVE-2019-2737", "CVE-2019-2752", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2738", "CVE-2019-2757", "CVE-2019-2739", "CVE-2019-2774", "CVE-2019-2607", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2780", "CVE-2019-2584", "CVE-2019-2755", "CVE-2019-2585"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:community-mysql"], "id": "FEDORA_2019-C106E46A95.NASL", "href": "https://www.tenable.com/plugins/nessus/128487", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-c106e46a95.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128487);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-2580\", \"CVE-2019-2581\", \"CVE-2019-2584\", \"CVE-2019-2585\", \"CVE-2019-2587\", \"CVE-2019-2589\", \"CVE-2019-2592\", \"CVE-2019-2593\", \"CVE-2019-2596\", \"CVE-2019-2606\", \"CVE-2019-2607\", \"CVE-2019-2614\", \"CVE-2019-2617\", \"CVE-2019-2620\", \"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2752\", \"CVE-2019-2755\", \"CVE-2019-2757\", \"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2785\", \"CVE-2019-2789\");\n script_xref(name:\"FEDORA\", value:\"2019-c106e46a95\");\n\n script_name(english:\"Fedora 30 : community-mysql (2019-c106e46a95)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**MySQL 8.0.17**\n\nThis update brings the latest MySQL 8.0.17 which fixes severe security\nissues. Now available as both a standard package and a module!\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-17.html\n\nMainatiner notes :\n\n - The MySQL Modules are now built from the same sources as\n the base packages, so the should be identical\n\n - The package is now being built with number of standard\n Fedora build flags that has not been used before. The\n package should be now more stable and secure.\n\n - In Modules, the bug #1729133 still exists\n\n - The MySQL 5.7 and 5.6 Modules may exists, but I'm out of\n capacity to maintain them. Whenever possible upgrade to\n MySQL 8.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-c106e46a95\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2778\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"community-mysql-8.0.17-2.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "redhat": [{"lastseen": "2019-12-11T13:31:16", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2644", "CVE-2019-2681", "CVE-2019-2683", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2691", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-2948", "CVE-2019-2950", "CVE-2019-2969", "CVE-2019-3003"], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version: rh-mysql80-mysql (8.0.17).\n\nSecurity Fix(es):\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-10-31T20:25:11", "published": "2019-08-14T10:35:35", "id": "RHSA-2019:2484", "href": "https://access.redhat.com/errata/RHSA-2019:2484", "type": "redhat", "title": "(RHSA-2019:2484) Important: rh-mysql80-mysql security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-11-10T10:21:47", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2644", "CVE-2019-2681", "CVE-2019-2683", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2691", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-2948", "CVE-2019-2950", "CVE-2019-2969", "CVE-2019-3003"], "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.17).\n\nSecurity Fix(es):\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-10-31T20:25:13", "published": "2019-08-15T21:31:05", "id": "RHSA-2019:2511", "href": "https://access.redhat.com/errata/RHSA-2019:2511", "type": "redhat", "title": "(RHSA-2019:2511) Important: mysql:8.0 security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2020-12-30T19:25:41", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2688", "CVE-2019-2634", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2685", "CVE-2019-2740", "CVE-2019-2683", "CVE-2019-2743", "CVE-2019-2529", "CVE-2019-2532", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-2587", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2019-2614", "CVE-2019-2784", "CVE-2019-2879", "CVE-2019-2689", "CVE-2019-2596", "CVE-2019-2785", "CVE-2019-2494", "CVE-2019-2695", "CVE-2019-2624", "CVE-2019-2531", "CVE-2019-2681", "CVE-2019-2580", "CVE-2019-2528", "CVE-2019-2808", "CVE-2019-2434", "CVE-2019-2758", "CVE-2019-2830", "CVE-2019-2805", "CVE-2019-2686", "CVE-2019-2486", "CVE-2019-2810", "CVE-2019-2482", "CVE-2019-2778", "CVE-2019-2826", "CVE-2019-2789", "CVE-2019-2687", "CVE-2019-2737", "CVE-2019-2530", "CVE-2019-2420", "CVE-2019-2623", "CVE-2019-2752", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2691", "CVE-2019-2536", "CVE-2019-2738", "CVE-2019-2803", "CVE-2019-2537", "CVE-2019-2694", "CVE-2019-2630", "CVE-2019-2539", "CVE-2019-2636", "CVE-2019-2693", "CVE-2019-2436", "CVE-2019-2534", "CVE-2019-2631", "CVE-2019-2757", "CVE-2019-2510", "CVE-2019-2502", "CVE-2019-2815", "CVE-2019-2796", "CVE-2019-2535", "CVE-2019-2747", "CVE-2019-2739", "CVE-2019-2797", "CVE-2019-2628", "CVE-2019-2741", "CVE-2019-2635", "CVE-2019-2791", "CVE-2019-2644", "CVE-2019-2627", "CVE-2019-2774", "CVE-2019-2812", "CVE-2019-2607", "CVE-2019-2507", "CVE-2019-2533", "CVE-2019-2746", "CVE-2019-2503", "CVE-2019-2800", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2626", "CVE-2019-2495", "CVE-2019-2780", "CVE-2019-2834", "CVE-2019-2584", "CVE-2019-2822", "CVE-2019-2819", "CVE-2019-2755", "CVE-2019-2801", "CVE-2019-2585", "CVE-2019-2625", "CVE-2019-2481", "CVE-2019-2455"], "description": "mecab\n[0.996-1.9]\n- Release bump for rebuilding on new arches\n Related: #1518842\n[0.996-1.8]\n- skip %verify of /etc/opt/rh/rh-mysql57/mecabrc\n Resolves: #1382315\n[0.996-1.7]\n- Prefix library major number with SCL name in soname\n[0.996-1.6]\n- Require runtime package from the scl\n[0.996-1.5]\n- Convert to SCL package\n[0.996-1.4]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild\n[0.996-1.3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild\n[0.996-1.2]\n- Rebuilt for GCC 5 C++11 ABI change\n[0.996-1.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild\n[0.996-1.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild\nmecab-ipadic\n[2.7.0.20070801-16.0.1]\n- Rename the LICENSE.Fedora to LICENSE.oracle\n[2.7.0.20070801-16]\n- Rename the LICENSE.fedora to LICENSE.rhel\n[2.7.0.20070801-15]\n- Release bump for rebuilding on new arches\n Related: #1518842\n[2.7.0.20070801-14.1]\n- Require runtime package from the scl\n[2.7.0.20070801-13.1]\n- Convert to SCL package\n[2.7.0.20070801-12.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild\n[2.7.0.20070801-11.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild\n[2.7.0.20070801-10.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild\n[2.7.0.20070801-9.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild\n[2.7.0.20070801-8.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild\n[2.7.0.20070801-7.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild\n[2.7.0.20070801-6.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild\n[2.7.0.20070801-5.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild\n[2.7.0.20070801-4.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild\n* Wed Jan 13 2010 Mamoru Tasaka \n- Fix URL for Source2\n[2.7.0.20070801-3]\n- F-12: Mass rebuild\n[2.7.0.20070801-2]\n- F-11: Mass rebuild\n[2.7.0.20070801.dist.1]\n- License update\n[2.7.0.20070801]\n- New release 2.7.0-20070801\n[2.7.0.20070610]\n- New release 2.7.0-20070610\n[2.7.0.20060707-2]\n- Fix typo\n[2.7.0.20060707-1]\n- Initial packaging, based on mecab-jumandic spec file\nmysql\n[8.0.17-3]\n- Use RELRO hardening on all binaries\n- Resolves: #1734420\n[8.0.17-2]\n- Use RELRO hardening on all binaries\n- Resolves: #1734420\n[8.0.17-1]\n- Rebase to 8.0.17\n- Resolves: #1732042\n- CVEs fixed:\n CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2741\n CVE-2019-2743 CVE-2019-2746 CVE-2019-2747 CVE-2019-2752 CVE-2019-2755\n CVE-2019-2757 CVE-2019-2758 CVE-2019-2774 CVE-2019-2778 CVE-2019-2780\n CVE-2019-2784 CVE-2019-2785 CVE-2019-2789 CVE-2019-2791 CVE-2019-2795\n CVE-2019-2796 CVE-2019-2797 CVE-2019-2798 CVE-2019-2800 CVE-2019-2801\n CVE-2019-2802 CVE-2019-2803 CVE-2019-2805 CVE-2019-2808 CVE-2019-2810\n CVE-2019-2811 CVE-2019-2812 CVE-2019-2814 CVE-2019-2815 CVE-2019-2819\n CVE-2019-2822 CVE-2019-2826 CVE-2019-2830 CVE-2019-2834 CVE-2019-2879", "edition": 2, "modified": "2019-08-19T00:00:00", "published": "2019-08-19T00:00:00", "id": "ELSA-2019-2511", "href": "http://linux.oracle.com/errata/ELSA-2019-2511.html", "title": "mysql:8.0 security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2019-09-04T03:13:43", "published": "2019-09-04T03:13:43", "id": "FEDORA:A29B160972B0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: community-mysql-8.0.17-2.fc30", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-3133", "CVE-2018-3137", "CVE-2018-3143", "CVE-2018-3144", "CVE-2018-3145", "CVE-2018-3155", "CVE-2018-3156", "CVE-2018-3161", "CVE-2018-3162", "CVE-2018-3170", "CVE-2018-3171", "CVE-2018-3173", "CVE-2018-3174", "CVE-2018-3182", "CVE-2018-3185", "CVE-2018-3186", "CVE-2018-3187", "CVE-2018-3195", "CVE-2018-3200", "CVE-2018-3203", "CVE-2018-3212", "CVE-2018-3247", "CVE-2018-3251", "CVE-2018-3276", "CVE-2018-3277", "CVE-2018-3278", "CVE-2018-3279", "CVE-2018-3280", "CVE-2018-3282", "CVE-2018-3283", "CVE-2018-3284", "CVE-2018-3285", "CVE-2018-3286", "CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "modified": "2019-09-04T04:07:19", "published": "2019-09-04T04:07:19", "id": "FEDORA:DD3AE60954BE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: community-mysql-8.0.17-2.fc29", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "oracle": [{"lastseen": "2019-05-29T18:21:11", "bulletinFamily": "software", "cvelist": ["CVE-2019-2663", "CVE-2019-2688", "CVE-2019-2679", "CVE-2018-19362", "CVE-2017-5533", "CVE-2018-11218", "CVE-2015-9251", "CVE-2019-2634", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2677", "CVE-2019-2655", "CVE-2019-2678", "CVE-2019-2617", "CVE-2017-9798", "CVE-2019-2582", "CVE-2019-2618", "CVE-2019-2685", "CVE-2018-3693", "CVE-2018-0732", "CVE-2016-7103", "CVE-2019-2683", "CVE-2017-5753", "CVE-2019-2612", "CVE-2017-5754", "CVE-2018-1000180", "CVE-2019-2726", "CVE-2014-7923", "CVE-2018-1304", "CVE-2019-2616", "CVE-2017-8287", "CVE-2019-2704", "CVE-2019-2565", "CVE-2019-2587", "CVE-2019-2639", "CVE-2019-2703", "CVE-2018-1000004", "CVE-2019-2647", "CVE-2019-2574", "CVE-2019-2706", "CVE-2019-2598", "CVE-2019-2614", "CVE-2018-2880", "CVE-2018-7566", "CVE-2018-12384", "CVE-2015-5922", "CVE-2018-7489", "CVE-2018-19361", "CVE-2019-2689", "CVE-2019-2596", "CVE-2017-15265", "CVE-2018-0734", "CVE-2019-2700", "CVE-2019-2695", "CVE-2019-2624", "CVE-2019-2651", "CVE-2017-7867", "CVE-2019-2611", "CVE-2018-5407", "CVE-2019-0190", "CVE-2018-0495", "CVE-2019-2595", "CVE-2019-2681", "CVE-2017-3735", "CVE-2019-2603", "CVE-2019-2660", "CVE-2019-2580", "CVE-2018-15756", "CVE-2018-14719", "CVE-2019-3823", "CVE-2017-0861", "CVE-2019-2697", "CVE-2019-2517", "CVE-2019-2662", "CVE-2016-3092", "CVE-2019-2709", "CVE-2018-11039", "CVE-2018-11761", "CVE-2018-12539", "CVE-2019-2579", "CVE-2018-11307", "CVE-2019-2566", "CVE-2019-2576", "CVE-2019-2551", "CVE-2014-7940", "CVE-2018-14720", "CVE-2018-16865", "CVE-2019-2571", "CVE-2019-2664", "CVE-2015-1832", "CVE-2016-0635", "CVE-2019-2558", "CVE-2019-2686", "CVE-2018-3120", "CVE-2018-14718", "CVE-2019-2602", "CVE-2019-2722", "CVE-2019-2573", "CVE-2016-7055", "CVE-2019-2605", "CVE-2018-16864", "CVE-2018-10901", "CVE-2014-9515", "CVE-2019-2633", "CVE-2015-3253", "CVE-2017-3731", "CVE-2014-9654", "CVE-2019-2583", "CVE-2019-2601", "CVE-2019-2673", "CVE-2019-2650", "CVE-2019-2687", "CVE-2018-12022", "CVE-2019-2682", "CVE-2018-20685", "CVE-2016-1182", "CVE-2018-1258", "CVE-2019-2621", "CVE-2019-2640", "CVE-2019-2642", "CVE-2019-2567", "CVE-2018-1305", "CVE-2017-17484", "CVE-2019-2713", "CVE-2018-11219", "CVE-2019-2645", "CVE-2018-16890", "CVE-2018-12404", "CVE-2019-2623", "CVE-2019-2701", "CVE-2018-3646", "CVE-2018-11237", "CVE-2018-11775", "CVE-2019-2572", "CVE-2019-2720", "CVE-2018-0735", "CVE-2019-2692", "CVE-2019-2581", "CVE-2019-2589", "CVE-2018-6485", "CVE-2018-1257", "CVE-2019-2691", "CVE-2014-8147", "CVE-2019-2698", "CVE-2019-2712", "CVE-2017-8105", "CVE-2019-2646", "CVE-2018-14721", "CVE-2018-8088", "CVE-2019-3772", "CVE-2019-2694", "CVE-2018-3314", "CVE-2019-2619", "CVE-2014-0114", "CVE-2019-2630", "CVE-2017-3732", "CVE-2019-2613", "CVE-2019-2629", "CVE-2018-0739", "CVE-2019-2670", "CVE-2019-2636", "CVE-2019-2564", "CVE-2019-2693", "CVE-2019-2609", "CVE-2019-2577", "CVE-2018-8034", "CVE-2019-2631", "CVE-2019-2649", "CVE-2019-2578", "CVE-2019-2684", "CVE-2019-2699", "CVE-2019-2656", "CVE-2019-2653", "CVE-2019-2591", "CVE-2018-1000613", "CVE-2014-9911", "CVE-2019-2570", "CVE-2018-8013", "CVE-2016-7415", "CVE-2019-2648", "CVE-2019-2707", "CVE-2018-3620", "CVE-2019-2632", "CVE-2019-2628", "CVE-2018-0161", "CVE-2019-2641", "CVE-2018-11236", "CVE-2014-8146", "CVE-2017-7525", "CVE-2019-2723", "CVE-2019-2635", "CVE-2018-3123", "CVE-2019-2615", "CVE-2019-2638", "CVE-2019-2597", "CVE-2016-6293", "CVE-2018-3312", "CVE-2014-7926", "CVE-2019-2676", "CVE-2017-3733", "CVE-2017-5664", "CVE-2019-2696", "CVE-2018-19360", "CVE-2018-11763", "CVE-2018-0733", "CVE-2019-2654", "CVE-2019-2643", "CVE-2019-2644", "CVE-2018-17199", "CVE-2016-1181", "CVE-2019-2627", "CVE-2019-2708", "CVE-2019-2665", "CVE-2019-2658", "CVE-2016-8735", "CVE-2019-2424", "CVE-2018-17189", "CVE-2019-2516", "CVE-2017-3738", "CVE-2019-2607", "CVE-2019-2671", "CVE-2019-2705", "CVE-2019-2721", "CVE-2019-2588", "CVE-2019-2675", "CVE-2019-1559", "CVE-2019-2604", "CVE-2017-7868", "CVE-2019-2594", "CVE-2019-2669", "CVE-2018-11784", "CVE-2017-5645", "CVE-2019-2586", "CVE-2019-2661", "CVE-2019-2657", "CVE-2017-12617", "CVE-2019-3822", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2568", "CVE-2019-2690", "CVE-2019-2610", "CVE-2016-4000", "CVE-2017-3736", "CVE-2019-2702", "CVE-2019-2622", "CVE-2019-2626", "CVE-2019-2637", "CVE-2019-2518", "CVE-2018-0737", "CVE-2017-14952", "CVE-2014-0107", "CVE-2019-2674", "CVE-2019-2575", "CVE-2019-2652", "CVE-2019-2584", "CVE-2016-2141", "CVE-2019-2557", "CVE-2019-2719", "CVE-2019-2680", "CVE-2018-11040", "CVE-2017-3730", "CVE-2019-2659", "CVE-2019-2585", "CVE-2019-2625", "CVE-2016-1000031", "CVE-2019-2590", "CVE-2018-12023", "CVE-2018-1656", "CVE-2019-2600", "CVE-2019-2608"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 297 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2494878.1>).\n", "modified": "2019-05-28T00:00:00", "published": "2019-04-16T00:00:00", "id": "ORACLE:CPUAPR2019-5072813", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - April 2019", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:15:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-0107", "CVE-2014-0114", "CVE-2014-7923", "CVE-2014-7926", "CVE-2014-7940", "CVE-2014-8146", "CVE-2014-8147", "CVE-2014-9515", "CVE-2014-9654", "CVE-2014-9911", "CVE-2015-1832", "CVE-2015-3253", "CVE-2015-5922", "CVE-2015-9251", "CVE-2016-0635", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2141", "CVE-2016-3092", "CVE-2016-4000", "CVE-2016-6293", "CVE-2016-7055", "CVE-2016-7103", "CVE-2016-7415", "CVE-2016-8735", "CVE-2017-0861", "CVE-2017-12617", "CVE-2017-14952", "CVE-2017-15265", "CVE-2017-17484", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-3733", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3738", "CVE-2017-5533", "CVE-2017-5645", "CVE-2017-5664", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-7525", "CVE-2017-7867", "CVE-2017-7868", "CVE-2017-8105", "CVE-2017-8287", "CVE-2017-9798", "CVE-2018-0161", "CVE-2018-0495", "CVE-2018-0732", "CVE-2018-0733", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000004", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-10901", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11218", "CVE-2018-11219", "CVE-2018-11236", "CVE-2018-11237", "CVE-2018-11307", "CVE-2018-11761", "CVE-2018-11763", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-12384", "CVE-2018-12404", "CVE-2018-12539", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-1656", "CVE-2018-16864", "CVE-2018-16865", "CVE-2018-16890", "CVE-2018-17189", "CVE-2018-17199", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-20685", "CVE-2018-2880", "CVE-2018-3120", "CVE-2018-3123", "CVE-2018-3312", "CVE-2018-3314", "CVE-2018-3620", "CVE-2018-3646", "CVE-2018-3693", "CVE-2018-5407", "CVE-2018-6485", "CVE-2018-7489", "CVE-2018-7566", "CVE-2018-8013", "CVE-2018-8034", "CVE-2018-8088", "CVE-2019-0190", "CVE-2019-1559", "CVE-2019-2424", "CVE-2019-2516", "CVE-2019-2517", "CVE-2019-2518", "CVE-2019-2551", "CVE-2019-2557", "CVE-2019-2558", "CVE-2019-2564", "CVE-2019-2565", "CVE-2019-2566", "CVE-2019-2567", "CVE-2019-2568", "CVE-2019-2570", "CVE-2019-2571", "CVE-2019-2572", "CVE-2019-2573", "CVE-2019-2574", "CVE-2019-2575", "CVE-2019-2576", "CVE-2019-2577", "CVE-2019-2578", "CVE-2019-2579", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2582", "CVE-2019-2583", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2586", "CVE-2019-2587", "CVE-2019-2588", "CVE-2019-2589", "CVE-2019-2590", "CVE-2019-2591", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2594", "CVE-2019-2595", "CVE-2019-2596", "CVE-2019-2597", "CVE-2019-2598", "CVE-2019-2600", "CVE-2019-2601", "CVE-2019-2602", "CVE-2019-2603", "CVE-2019-2604", "CVE-2019-2605", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2608", "CVE-2019-2609", "CVE-2019-2610", "CVE-2019-2611", "CVE-2019-2612", "CVE-2019-2613", "CVE-2019-2614", "CVE-2019-2615", "CVE-2019-2616", "CVE-2019-2617", "CVE-2019-2618", "CVE-2019-2619", "CVE-2019-2620", "CVE-2019-2621", "CVE-2019-2622", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2629", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2632", "CVE-2019-2633", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2637", "CVE-2019-2638", "CVE-2019-2639", "CVE-2019-2640", "CVE-2019-2641", "CVE-2019-2642", "CVE-2019-2643", "CVE-2019-2644", "CVE-2019-2645", "CVE-2019-2646", "CVE-2019-2647", "CVE-2019-2648", "CVE-2019-2649", "CVE-2019-2650", "CVE-2019-2651", "CVE-2019-2652", "CVE-2019-2653", "CVE-2019-2654", "CVE-2019-2655", "CVE-2019-2656", "CVE-2019-2657", "CVE-2019-2658", "CVE-2019-2659", "CVE-2019-2660", "CVE-2019-2661", "CVE-2019-2662", "CVE-2019-2663", "CVE-2019-2664", "CVE-2019-2665", "CVE-2019-2669", "CVE-2019-2670", "CVE-2019-2671", "CVE-2019-2673", "CVE-2019-2674", "CVE-2019-2675", "CVE-2019-2676", "CVE-2019-2677", "CVE-2019-2678", "CVE-2019-2679", "CVE-2019-2680", "CVE-2019-2681", "CVE-2019-2682", "CVE-2019-2683", "CVE-2019-2684", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2690", "CVE-2019-2691", "CVE-2019-2692", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2696", "CVE-2019-2697", "CVE-2019-2698", "CVE-2019-2699", "CVE-2019-2700", "CVE-2019-2701", "CVE-2019-2702", "CVE-2019-2703", "CVE-2019-2704", "CVE-2019-2705", "CVE-2019-2706", "CVE-2019-2707", "CVE-2019-2708", "CVE-2019-2709", "CVE-2019-2712", "CVE-2019-2713", "CVE-2019-2719", "CVE-2019-2720", "CVE-2019-2721", "CVE-2019-2722", "CVE-2019-2723", "CVE-2019-2726", "CVE-2019-3772", "CVE-2019-3822", "CVE-2019-3823"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 297 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2494878.1>).\n", "modified": "2019-05-28T00:00:00", "published": "2019-04-16T00:00:00", "id": "ORACLE:CPUAPR2019", "href": "", "type": "oracle", "title": " Oracle Critical Patch Update Advisory - April 2019", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
