The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:3732 advisory.
Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2019-2911)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2914)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2938)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2946)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2957)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2960)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2963, CVE-2019-2968)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2966, CVE-2019-2967)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2974)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2982, CVE-2019-2998)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2019-2991)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2993)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2997, CVE-2020-2580)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-3004)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-3009)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-3011)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-3018)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14539)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14540)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14547)
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-14550)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2020-14553)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).
Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2020-14559)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14567)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14568, CVE-2020-14623)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14575, CVE-2020-14620)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14576)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14586, CVE-2020-14702, CVE-2021-2012)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14725)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14619)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14624)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14631)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14632)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data.
(CVE-2020-14633)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2020-14634)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. (CVE-2020-14641)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2020-14643, CVE-2020-14651)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14656)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14680, CVE-2021-2020)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14799)
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2570, CVE-2020-2573)
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2574)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2577)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2579)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. (CVE-2020-2584)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2588)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2589)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2627)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2660)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2679)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2686)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).
Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2020-2694)
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2752)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2759)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2020-2760)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2762, CVE-2020-2893, CVE-2020-2895)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2763)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2765)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2770)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2780)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2804)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2812)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2814)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).
Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2896)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2898)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling).
Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2903)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).
Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2921)
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.
Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. (CVE-2020-2922)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2925)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS).
Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2926)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2930)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2021-1998)
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2021-2006)
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.
Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. (CVE-2021-2007)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2009)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2016)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2021-2019)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. (CVE-2021-2144)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2160)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2020:3732.
##
include('compat.inc');
if (description)
{
script_id(184570);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/07");
script_cve_id(
"CVE-2019-2911",
"CVE-2019-2914",
"CVE-2019-2938",
"CVE-2019-2946",
"CVE-2019-2957",
"CVE-2019-2960",
"CVE-2019-2963",
"CVE-2019-2966",
"CVE-2019-2967",
"CVE-2019-2968",
"CVE-2019-2974",
"CVE-2019-2982",
"CVE-2019-2991",
"CVE-2019-2993",
"CVE-2019-2997",
"CVE-2019-2998",
"CVE-2019-3004",
"CVE-2019-3009",
"CVE-2019-3011",
"CVE-2019-3018",
"CVE-2020-2570",
"CVE-2020-2573",
"CVE-2020-2574",
"CVE-2020-2577",
"CVE-2020-2579",
"CVE-2020-2580",
"CVE-2020-2584",
"CVE-2020-2588",
"CVE-2020-2589",
"CVE-2020-2627",
"CVE-2020-2660",
"CVE-2020-2679",
"CVE-2020-2686",
"CVE-2020-2694",
"CVE-2020-2752",
"CVE-2020-2759",
"CVE-2020-2760",
"CVE-2020-2761",
"CVE-2020-2762",
"CVE-2020-2763",
"CVE-2020-2765",
"CVE-2020-2770",
"CVE-2020-2774",
"CVE-2020-2779",
"CVE-2020-2780",
"CVE-2020-2804",
"CVE-2020-2812",
"CVE-2020-2814",
"CVE-2020-2853",
"CVE-2020-2892",
"CVE-2020-2893",
"CVE-2020-2895",
"CVE-2020-2896",
"CVE-2020-2897",
"CVE-2020-2898",
"CVE-2020-2901",
"CVE-2020-2903",
"CVE-2020-2904",
"CVE-2020-2921",
"CVE-2020-2922",
"CVE-2020-2923",
"CVE-2020-2924",
"CVE-2020-2925",
"CVE-2020-2926",
"CVE-2020-2928",
"CVE-2020-2930",
"CVE-2020-14539",
"CVE-2020-14540",
"CVE-2020-14547",
"CVE-2020-14550",
"CVE-2020-14553",
"CVE-2020-14559",
"CVE-2020-14567",
"CVE-2020-14568",
"CVE-2020-14575",
"CVE-2020-14576",
"CVE-2020-14586",
"CVE-2020-14597",
"CVE-2020-14614",
"CVE-2020-14619",
"CVE-2020-14620",
"CVE-2020-14623",
"CVE-2020-14624",
"CVE-2020-14631",
"CVE-2020-14632",
"CVE-2020-14633",
"CVE-2020-14634",
"CVE-2020-14641",
"CVE-2020-14643",
"CVE-2020-14651",
"CVE-2020-14654",
"CVE-2020-14656",
"CVE-2020-14663",
"CVE-2020-14678",
"CVE-2020-14680",
"CVE-2020-14697",
"CVE-2020-14702",
"CVE-2020-14725",
"CVE-2020-14799",
"CVE-2021-1998",
"CVE-2021-2006",
"CVE-2021-2007",
"CVE-2021-2009",
"CVE-2021-2012",
"CVE-2021-2016",
"CVE-2021-2019",
"CVE-2021-2020",
"CVE-2021-2144",
"CVE-2021-2160"
);
script_xref(name:"IAVA", value:"2019-A-0383-S");
script_xref(name:"IAVA", value:"2020-A-0021-S");
script_xref(name:"IAVA", value:"2020-A-0143-S");
script_xref(name:"IAVA", value:"2020-A-0321-S");
script_xref(name:"IAVA", value:"2020-A-0473-S");
script_xref(name:"IAVA", value:"2021-A-0038-S");
script_xref(name:"IAVA", value:"2021-A-0193-S");
script_xref(name:"RLSA", value:"2020:3732");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_xref(name:"CEA-ID", value:"CEA-2021-0004");
script_name(english:"Rocky Linux 8 : mysql:8.0 (RLSA-2020:3732)");
script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2020:3732 advisory.
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported
versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset
of MySQL Server accessible data. (CVE-2019-2911)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2914)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2019-2938)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that
are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2019-2946)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2019-2957)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported
versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2960)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2019-2963, CVE-2019-2968)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2019-2966, CVE-2019-2967)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2974)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2019-2982, CVE-2019-2998)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server
accessible data. (CVE-2019-2991)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions
that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2019-2993)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions
that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2019-2997, CVE-2020-2580)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions
that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2019-3004)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported
versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2019-3009)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions
that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2019-3011)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2019-3018)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14539)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions
that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2020-14540)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14547)
- Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are
affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability
allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Client. (CVE-2020-14550)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported
versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to
some of MySQL Server accessible data. (CVE-2020-14553)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).
Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily
exploitable vulnerability allows low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access
to a subset of MySQL Server accessible data. (CVE-2020-14559)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported
versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. (CVE-2020-14567)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2020-14568, CVE-2020-14623)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions
that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-14575, CVE-2020-14620)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions
that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2020-14576)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2020-14586, CVE-2020-14702, CVE-2021-2012)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14725)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions
that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-14619)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions
that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-14624)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported
versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-14631)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions
that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-14632)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized update, insert or delete access to some of MySQL Server accessible data.
(CVE-2020-14633)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2020-14634)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported
versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server
accessible data. (CVE-2020-14641)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported
versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server
accessible data. (CVE-2020-14643, CVE-2020-14651)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions
that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-14656)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. (CVE-2020-14663, CVE-2020-14678,
CVE-2020-14697)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-14680, CVE-2021-2020)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2020-14799)
- Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are
affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows
unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Client. (CVE-2020-2570, CVE-2020-2573)
- Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are
affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability
allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2574)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2020-2577)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2579)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions
that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows
high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized access to critical data or complete access to all
MySQL Server accessible data. (CVE-2020-2584)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions
that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-2588)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2020-2589)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions
that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-2627)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2660)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-2679)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-2686)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).
Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server
accessible data. (CVE-2020-2694)
- Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are
affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability
allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2752)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported
versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-2759)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of
MySQL Server accessible data. (CVE-2020-2760)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2020-2762, CVE-2020-2893, CVE-2020-2895)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported
versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2763)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2765)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions
that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-2770)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions
that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2780)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported
versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to
exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2804)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported
versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2812)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2814)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923,
CVE-2020-2924, CVE-2020-2928)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).
Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2020-2896)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported
version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2020-2898)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling).
Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2020-2903)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).
Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2020-2921)
- Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are
affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability
allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.
Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL
Client accessible data. (CVE-2020-2922)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that
are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2020-2925)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS).
Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2020-2926)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions
that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2020-2930)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server
accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL
Server. (CVE-2021-1998)
- Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are
affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Client. (CVE-2021-2006)
- Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are
affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability
allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.
Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL
Client accessible data. (CVE-2021-2007)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported
versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2021-2009)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2021-2016)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server
accessible data. (CVE-2021-2019)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions
that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. (CVE-2021-2144)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2160)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2020:3732");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764675");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764676");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764680");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764681");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764684");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764685");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764686");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764687");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764688");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764689");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764691");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764692");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764693");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764694");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764695");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764696");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764698");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764699");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764700");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764701");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1796880");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1796881");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1796882");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1796883");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1796884");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1796885");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1796886");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1796887");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1796888");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1796889");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1796905");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1798559");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1798576");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1798587");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830048");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830049");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830050");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830051");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830052");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830053");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830054");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830055");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830056");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830058");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830059");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830060");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830061");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830062");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830064");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830066");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830067");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830068");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830069");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830070");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830071");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830072");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830073");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830074");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830075");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830076");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830077");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830078");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830079");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1830082");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1835849");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1835850");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865945");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865947");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865948");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865949");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865950");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865951");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865952");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865953");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865954");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865955");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865956");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865958");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865959");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865960");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865961");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865962");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865963");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865964");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865965");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865966");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865967");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865968");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865969");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865970");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865971");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865972");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865973");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865974");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865975");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865976");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865977");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1865982");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1874040");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-2144");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/15");
script_set_attribute(attribute:"patch_publication_date", value:"2020/09/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mecab");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mecab-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mecab-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mecab-ipadic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mecab-ipadic-EUCJP");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-errmsg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-libs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-server-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-test-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:8");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Rocky Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);
if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);
var module_ver = get_kb_item('Host/RockyLinux/appstream/mysql');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');
if ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);
var appstreams = {
'mysql:8.0': [
{'reference':'mecab-0.996-1.module+el8.3.0+242+87d3366a.9', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-0.996-1.module+el8.3.0+242+87d3366a.9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-debuginfo-0.996-1.module+el8.3.0+242+87d3366a.9', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-debuginfo-0.996-1.module+el8.3.0+242+87d3366a.9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-debugsource-0.996-1.module+el8.3.0+242+87d3366a.9', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-debugsource-0.996-1.module+el8.3.0+242+87d3366a.9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-common-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-common-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-debuginfo-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-debuginfo-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-debugsource-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-debugsource-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-devel-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-devel-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-devel-debuginfo-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-devel-debuginfo-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-errmsg-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-errmsg-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-libs-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-libs-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-libs-debuginfo-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-libs-debuginfo-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-server-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-server-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-server-debuginfo-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-server-debuginfo-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-test-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-test-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-test-debuginfo-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-test-debuginfo-8.0.21-1.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
};
var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RockyLinux/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach var package_array ( appstreams[module] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-debuginfo / mecab-debugsource / mecab-ipadic / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
rocky | linux | mecab | p-cpe:/a:rocky:linux:mecab |
rocky | linux | mecab-debuginfo | p-cpe:/a:rocky:linux:mecab-debuginfo |
rocky | linux | mecab-debugsource | p-cpe:/a:rocky:linux:mecab-debugsource |
rocky | linux | mecab-ipadic | p-cpe:/a:rocky:linux:mecab-ipadic |
rocky | linux | mecab-ipadic-eucjp | p-cpe:/a:rocky:linux:mecab-ipadic-eucjp |
rocky | linux | mysql | p-cpe:/a:rocky:linux:mysql |
rocky | linux | mysql-common | p-cpe:/a:rocky:linux:mysql-common |
rocky | linux | mysql-debuginfo | p-cpe:/a:rocky:linux:mysql-debuginfo |
rocky | linux | mysql-debugsource | p-cpe:/a:rocky:linux:mysql-debugsource |
rocky | linux | mysql-devel | p-cpe:/a:rocky:linux:mysql-devel |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2911
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2914
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2946
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2957
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2968
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2982
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2991
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2993
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2997
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3004
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3009
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3018
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14539
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14540
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14547
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14550
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14553
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14559
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14567
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14568
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14575
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14576
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14614
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14620
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14623
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14624
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14631
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14632
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14633
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14634
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14651
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14654
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14656
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14678
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14680
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14697
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14702
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14725
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2570
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2573
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2574
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2577
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2579
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2580
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2584
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2588
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2589
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2627
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2660
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2679
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2686
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2694
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2759
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2760
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2761
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2762
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2763
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2765
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2770
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2779
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2780
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2804
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2814
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2853
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2892
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2893
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2895
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2896
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2897
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2898
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2901
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2903
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2904
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2921
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2922
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2923
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2924
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2925
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2926
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2928
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2930
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2007
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2009
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2020
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2144
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2160
bugzilla.redhat.com/show_bug.cgi?id=1764675
bugzilla.redhat.com/show_bug.cgi?id=1764676
bugzilla.redhat.com/show_bug.cgi?id=1764680
bugzilla.redhat.com/show_bug.cgi?id=1764681
bugzilla.redhat.com/show_bug.cgi?id=1764684
bugzilla.redhat.com/show_bug.cgi?id=1764685
bugzilla.redhat.com/show_bug.cgi?id=1764686
bugzilla.redhat.com/show_bug.cgi?id=1764687
bugzilla.redhat.com/show_bug.cgi?id=1764688
bugzilla.redhat.com/show_bug.cgi?id=1764689
bugzilla.redhat.com/show_bug.cgi?id=1764691
bugzilla.redhat.com/show_bug.cgi?id=1764692
bugzilla.redhat.com/show_bug.cgi?id=1764693
bugzilla.redhat.com/show_bug.cgi?id=1764694
bugzilla.redhat.com/show_bug.cgi?id=1764695
bugzilla.redhat.com/show_bug.cgi?id=1764696
bugzilla.redhat.com/show_bug.cgi?id=1764698
bugzilla.redhat.com/show_bug.cgi?id=1764699
bugzilla.redhat.com/show_bug.cgi?id=1764700
bugzilla.redhat.com/show_bug.cgi?id=1764701
bugzilla.redhat.com/show_bug.cgi?id=1796880
bugzilla.redhat.com/show_bug.cgi?id=1796881
bugzilla.redhat.com/show_bug.cgi?id=1796882
bugzilla.redhat.com/show_bug.cgi?id=1796883
bugzilla.redhat.com/show_bug.cgi?id=1796884
bugzilla.redhat.com/show_bug.cgi?id=1796885
bugzilla.redhat.com/show_bug.cgi?id=1796886
bugzilla.redhat.com/show_bug.cgi?id=1796887
bugzilla.redhat.com/show_bug.cgi?id=1796888
bugzilla.redhat.com/show_bug.cgi?id=1796889
bugzilla.redhat.com/show_bug.cgi?id=1796905
bugzilla.redhat.com/show_bug.cgi?id=1798559
bugzilla.redhat.com/show_bug.cgi?id=1798576
bugzilla.redhat.com/show_bug.cgi?id=1798587
bugzilla.redhat.com/show_bug.cgi?id=1830048
bugzilla.redhat.com/show_bug.cgi?id=1830049
bugzilla.redhat.com/show_bug.cgi?id=1830050
bugzilla.redhat.com/show_bug.cgi?id=1830051
bugzilla.redhat.com/show_bug.cgi?id=1830052
bugzilla.redhat.com/show_bug.cgi?id=1830053
bugzilla.redhat.com/show_bug.cgi?id=1830054
bugzilla.redhat.com/show_bug.cgi?id=1830055
bugzilla.redhat.com/show_bug.cgi?id=1830056
bugzilla.redhat.com/show_bug.cgi?id=1830058
bugzilla.redhat.com/show_bug.cgi?id=1830059
bugzilla.redhat.com/show_bug.cgi?id=1830060
bugzilla.redhat.com/show_bug.cgi?id=1830061
bugzilla.redhat.com/show_bug.cgi?id=1830062
bugzilla.redhat.com/show_bug.cgi?id=1830064
bugzilla.redhat.com/show_bug.cgi?id=1830066
bugzilla.redhat.com/show_bug.cgi?id=1830067
bugzilla.redhat.com/show_bug.cgi?id=1830068
bugzilla.redhat.com/show_bug.cgi?id=1830069
bugzilla.redhat.com/show_bug.cgi?id=1830070
bugzilla.redhat.com/show_bug.cgi?id=1830071
bugzilla.redhat.com/show_bug.cgi?id=1830072
bugzilla.redhat.com/show_bug.cgi?id=1830073
bugzilla.redhat.com/show_bug.cgi?id=1830074
bugzilla.redhat.com/show_bug.cgi?id=1830075
bugzilla.redhat.com/show_bug.cgi?id=1830076
bugzilla.redhat.com/show_bug.cgi?id=1830077
bugzilla.redhat.com/show_bug.cgi?id=1830078
bugzilla.redhat.com/show_bug.cgi?id=1830079
bugzilla.redhat.com/show_bug.cgi?id=1830082
bugzilla.redhat.com/show_bug.cgi?id=1835849
bugzilla.redhat.com/show_bug.cgi?id=1835850
bugzilla.redhat.com/show_bug.cgi?id=1865945
bugzilla.redhat.com/show_bug.cgi?id=1865947
bugzilla.redhat.com/show_bug.cgi?id=1865948
bugzilla.redhat.com/show_bug.cgi?id=1865949
bugzilla.redhat.com/show_bug.cgi?id=1865950
bugzilla.redhat.com/show_bug.cgi?id=1865951
bugzilla.redhat.com/show_bug.cgi?id=1865952
bugzilla.redhat.com/show_bug.cgi?id=1865953
bugzilla.redhat.com/show_bug.cgi?id=1865954
bugzilla.redhat.com/show_bug.cgi?id=1865955
bugzilla.redhat.com/show_bug.cgi?id=1865956
bugzilla.redhat.com/show_bug.cgi?id=1865958
bugzilla.redhat.com/show_bug.cgi?id=1865959
bugzilla.redhat.com/show_bug.cgi?id=1865960
bugzilla.redhat.com/show_bug.cgi?id=1865961
bugzilla.redhat.com/show_bug.cgi?id=1865962
bugzilla.redhat.com/show_bug.cgi?id=1865963
bugzilla.redhat.com/show_bug.cgi?id=1865964
bugzilla.redhat.com/show_bug.cgi?id=1865965
bugzilla.redhat.com/show_bug.cgi?id=1865966
bugzilla.redhat.com/show_bug.cgi?id=1865967
bugzilla.redhat.com/show_bug.cgi?id=1865968
bugzilla.redhat.com/show_bug.cgi?id=1865969
bugzilla.redhat.com/show_bug.cgi?id=1865970
bugzilla.redhat.com/show_bug.cgi?id=1865971
bugzilla.redhat.com/show_bug.cgi?id=1865972
bugzilla.redhat.com/show_bug.cgi?id=1865973
bugzilla.redhat.com/show_bug.cgi?id=1865974
bugzilla.redhat.com/show_bug.cgi?id=1865975
bugzilla.redhat.com/show_bug.cgi?id=1865976
bugzilla.redhat.com/show_bug.cgi?id=1865977
bugzilla.redhat.com/show_bug.cgi?id=1865982
bugzilla.redhat.com/show_bug.cgi?id=1874040
errata.rockylinux.org/RLSA-2020:3732