The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7119 advisory.
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2481)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35546)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35575, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21297)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via MySQL Protcol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35577)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35596)
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2021-35597)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35602)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35604)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35607)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).
Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35608)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35610, CVE-2022-21278)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35612)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35622)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
(CVE-2021-35623)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. (CVE-2021-35624)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2021-35625)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. (CVE-2021-35630)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35631)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35632)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2021-35633)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35637)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35639)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35640)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35648)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21245)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21249)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21253, CVE-2022-21264, CVE-2022-21339, CVE-2022-21342, CVE-2022-21370)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21254)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).
Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21256, CVE-2022-21379)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21265)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21270)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21301)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21302)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21303)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21304)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21344)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21348)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21351)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21352)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21358)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).
Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21362, CVE-2022-21374)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21367)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).
Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21368)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21372)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21378)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21452, CVE-2022-21462, CVE-2022-21607, CVE-2023-21866)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21413)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21415)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21417)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
(CVE-2022-21418)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.
(CVE-2022-21423)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21425)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21440, CVE-2022-21459, CVE-2022-21478)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21444)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21451)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).
Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21454)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. (CVE-2022-21455)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. (CVE-2022-21457)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. (CVE-2022-21460)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data.
(CVE-2022-21479)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21509, CVE-2022-21527, CVE-2022-21528, CVE-2023-21872)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21515)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21517, CVE-2022-21537)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21522)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21525, CVE-2022-21526, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21638, CVE-2022-21641)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21534)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21538)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21539)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21547)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21556)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21569)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2022-21592)
Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21595)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. (CVE-2022-21600)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21605)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21635)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2022:7119.
##
include('compat.inc');
if (description)
{
script_id(185005);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/07");
script_cve_id(
"CVE-2021-2478",
"CVE-2021-2479",
"CVE-2021-2481",
"CVE-2021-35546",
"CVE-2021-35575",
"CVE-2021-35577",
"CVE-2021-35591",
"CVE-2021-35596",
"CVE-2021-35597",
"CVE-2021-35602",
"CVE-2021-35604",
"CVE-2021-35607",
"CVE-2021-35608",
"CVE-2021-35610",
"CVE-2021-35612",
"CVE-2021-35622",
"CVE-2021-35623",
"CVE-2021-35624",
"CVE-2021-35625",
"CVE-2021-35626",
"CVE-2021-35627",
"CVE-2021-35628",
"CVE-2021-35630",
"CVE-2021-35631",
"CVE-2021-35632",
"CVE-2021-35633",
"CVE-2021-35634",
"CVE-2021-35635",
"CVE-2021-35636",
"CVE-2021-35637",
"CVE-2021-35638",
"CVE-2021-35639",
"CVE-2021-35640",
"CVE-2021-35641",
"CVE-2021-35642",
"CVE-2021-35643",
"CVE-2021-35644",
"CVE-2021-35645",
"CVE-2021-35646",
"CVE-2021-35647",
"CVE-2021-35648",
"CVE-2022-21245",
"CVE-2022-21249",
"CVE-2022-21253",
"CVE-2022-21254",
"CVE-2022-21256",
"CVE-2022-21264",
"CVE-2022-21265",
"CVE-2022-21270",
"CVE-2022-21278",
"CVE-2022-21297",
"CVE-2022-21301",
"CVE-2022-21302",
"CVE-2022-21303",
"CVE-2022-21304",
"CVE-2022-21339",
"CVE-2022-21342",
"CVE-2022-21344",
"CVE-2022-21348",
"CVE-2022-21351",
"CVE-2022-21352",
"CVE-2022-21358",
"CVE-2022-21362",
"CVE-2022-21367",
"CVE-2022-21368",
"CVE-2022-21370",
"CVE-2022-21372",
"CVE-2022-21374",
"CVE-2022-21378",
"CVE-2022-21379",
"CVE-2022-21412",
"CVE-2022-21413",
"CVE-2022-21414",
"CVE-2022-21415",
"CVE-2022-21417",
"CVE-2022-21418",
"CVE-2022-21423",
"CVE-2022-21425",
"CVE-2022-21427",
"CVE-2022-21435",
"CVE-2022-21436",
"CVE-2022-21437",
"CVE-2022-21438",
"CVE-2022-21440",
"CVE-2022-21444",
"CVE-2022-21451",
"CVE-2022-21452",
"CVE-2022-21454",
"CVE-2022-21455",
"CVE-2022-21457",
"CVE-2022-21459",
"CVE-2022-21460",
"CVE-2022-21462",
"CVE-2022-21478",
"CVE-2022-21479",
"CVE-2022-21509",
"CVE-2022-21515",
"CVE-2022-21517",
"CVE-2022-21522",
"CVE-2022-21525",
"CVE-2022-21526",
"CVE-2022-21527",
"CVE-2022-21528",
"CVE-2022-21529",
"CVE-2022-21530",
"CVE-2022-21531",
"CVE-2022-21534",
"CVE-2022-21537",
"CVE-2022-21538",
"CVE-2022-21539",
"CVE-2022-21547",
"CVE-2022-21553",
"CVE-2022-21556",
"CVE-2022-21569",
"CVE-2022-21592",
"CVE-2022-21595",
"CVE-2022-21600",
"CVE-2022-21605",
"CVE-2022-21607",
"CVE-2022-21635",
"CVE-2022-21638",
"CVE-2022-21641",
"CVE-2023-21866",
"CVE-2023-21872"
);
script_xref(name:"IAVA", value:"2021-A-0487-S");
script_xref(name:"IAVA", value:"2022-A-0030-S");
script_xref(name:"IAVA", value:"2022-A-0168-S");
script_xref(name:"IAVA", value:"2022-A-0291-S");
script_xref(name:"IAVA", value:"2022-A-0432-S");
script_xref(name:"IAVA", value:"2023-A-0043-S");
script_xref(name:"RLSA", value:"2022:7119");
script_name(english:"Rocky Linux 8 : mysql:8.0 (RLSA-2022:7119)");
script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2022:7119 advisory.
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions
that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2021-2481)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported
versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2021-35546)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2021-35575, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634,
CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643,
CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21297)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via MySQL Protcol to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2021-35577)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Supported
versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2021-35596)
- Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are
affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Client. (CVE-2021-35597)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions
that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server
accessible data. (CVE-2021-35602)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of
MySQL Server accessible data. (CVE-2021-35604)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions
that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2021-35607)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).
Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2021-35608)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server
accessible data. (CVE-2021-35610, CVE-2022-21278)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server
accessible data. (CVE-2021-35612)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2021-35622)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported
versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
(CVE-2021-35623)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or
modification access to critical data or all MySQL Server accessible data. (CVE-2021-35624)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server
accessible data. (CVE-2021-35625)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions
that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized creation, deletion or modification access to critical data or all
MySQL Server accessible data. (CVE-2021-35630)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions
that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2021-35631)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported
versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged
attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35632)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions
that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of
MySQL Server. (CVE-2021-35633)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that
are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2021-35637)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported
versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2021-35639)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions
that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server
accessible data. (CVE-2021-35640)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions
that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2021-35648)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete
access to some of MySQL Server accessible data. (CVE-2022-21245)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions
that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of
MySQL Server. (CVE-2022-21249)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2022-21253, CVE-2022-21264, CVE-2022-21339, CVE-2022-21342, CVE-2022-21370)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2022-21254)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).
Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2022-21256, CVE-2022-21379)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server
accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL
Server. (CVE-2022-21265)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported
versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21270)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions
that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server
accessible data. (CVE-2022-21301)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2022-21302)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported
versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21303)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions
that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2022-21304)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported
versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21344)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2022-21348)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server
accessible data. (CVE-2022-21351)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server
accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. (CVE-2022-21352)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2022-21358)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).
Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2022-21362, CVE-2022-21374)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported
versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to
some of MySQL Server accessible data. (CVE-2022-21367)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).
Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL
Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and
unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21368)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service
(partial DOS) of MySQL Server. (CVE-2022-21372)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server
accessible data. (CVE-2022-21378)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437,
CVE-2022-21438, CVE-2022-21452, CVE-2022-21462, CVE-2022-21607, CVE-2023-21866)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions
that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2022-21413)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported
versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2022-21415)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2022-21417)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
(CVE-2022-21418)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.
(CVE-2022-21423)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions
that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server
accessible data. (CVE-2022-21425)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions
that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2022-21427)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server
accessible data. (CVE-2022-21440, CVE-2022-21459, CVE-2022-21478)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions
that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows
high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2022-21444)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2022-21451)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).
Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21454)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported
versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized creation, deletion or modification access to critical data or all
MySQL Server accessible data. (CVE-2022-21455)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported
versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server
accessible data. (CVE-2022-21457)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions
that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows
high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized access to critical data or complete access to all
MySQL Server accessible data. (CVE-2022-21460)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data.
(CVE-2022-21479)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server
accessible data. (CVE-2022-21509, CVE-2022-21527, CVE-2022-21528, CVE-2023-21872)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions
that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2022-21515)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL
Server. (CVE-2022-21517, CVE-2022-21537)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported
versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2022-21522)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2022-21525, CVE-2022-21526, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531,
CVE-2022-21553, CVE-2022-21638, CVE-2022-21641)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported
versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2022-21534)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service
(partial DOS) of MySQL Server. (CVE-2022-21538)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well
as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause
a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21539)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported
versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2022-21547)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized creation, deletion or modification access to critical data or all
MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server. (CVE-2022-21556)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2022-21569)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable
vulnerability allows low privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset
of MySQL Server accessible data. (CVE-2022-21592)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are
affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. (CVE-2022-21595)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in takeover of MySQL Server. (CVE-2022-21600)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported
versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. (CVE-2022-21605)
- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are
affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server
accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. (CVE-2022-21635)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2022:7119");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016089");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016090");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016091");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016093");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016094");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016095");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016097");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016098");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016099");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016100");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016101");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016104");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016105");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016106");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016107");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016108");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016109");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016110");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016111");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016112");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016113");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016114");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016117");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016118");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016119");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016120");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016121");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016122");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016124");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016126");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016127");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016128");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016129");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016130");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016131");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016132");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016133");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016134");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016135");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016137");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2016138");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043620");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043621");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043622");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043623");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043624");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043625");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043626");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043627");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043628");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043629");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043630");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043631");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043632");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043633");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043634");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043635");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043636");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043637");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043638");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043639");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043640");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043641");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043642");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043643");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043644");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043645");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043646");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043647");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043648");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082636");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082637");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082638");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082639");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082640");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082641");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082642");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082643");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082644");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082645");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082646");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082647");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082648");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082649");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082650");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082651");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082652");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082653");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082654");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082655");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082656");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082657");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082658");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2082659");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2110940");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115283");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115284");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115285");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115286");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115287");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115288");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115289");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115290");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115291");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115292");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115293");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115294");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115295");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115296");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115297");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115298");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115299");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2115301");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2122604");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-21368");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-21600");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/10/19");
script_set_attribute(attribute:"patch_publication_date", value:"2022/10/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mecab");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mecab-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mecab-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mecab-ipadic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mecab-ipadic-EUCJP");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-errmsg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-libs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-server-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mysql-test-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:8");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Rocky Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);
if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);
var module_ver = get_kb_item('Host/RockyLinux/appstream/mysql');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');
if ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);
var appstreams = {
'mysql:8.0': [
{'reference':'mecab-0.996-2.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-0.996-2.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-debuginfo-0.996-2.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-debuginfo-0.996-2.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-debugsource-0.996-2.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-debugsource-0.996-2.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.3.0+242+87d3366a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.3.0+242+87d3366a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-common-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-common-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-debuginfo-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-debuginfo-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-debugsource-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-debugsource-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-devel-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-devel-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-devel-debuginfo-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-devel-debuginfo-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-errmsg-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-errmsg-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-libs-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-libs-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-libs-debuginfo-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-libs-debuginfo-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-server-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-server-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-server-debuginfo-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-server-debuginfo-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-test-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-test-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-test-debuginfo-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-test-debuginfo-8.0.30-1.module+el8.6.0+1057+4d6a1721', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
};
var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RockyLinux/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach var package_array ( appstreams[module] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-debuginfo / mecab-debugsource / mecab-ipadic / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
rocky | linux | mecab | p-cpe:/a:rocky:linux:mecab |
rocky | linux | mecab-debuginfo | p-cpe:/a:rocky:linux:mecab-debuginfo |
rocky | linux | mecab-debugsource | p-cpe:/a:rocky:linux:mecab-debugsource |
rocky | linux | mecab-ipadic | p-cpe:/a:rocky:linux:mecab-ipadic |
rocky | linux | mecab-ipadic-eucjp | p-cpe:/a:rocky:linux:mecab-ipadic-eucjp |
rocky | linux | mysql | p-cpe:/a:rocky:linux:mysql |
rocky | linux | mysql-common | p-cpe:/a:rocky:linux:mysql-common |
rocky | linux | mysql-debuginfo | p-cpe:/a:rocky:linux:mysql-debuginfo |
rocky | linux | mysql-debugsource | p-cpe:/a:rocky:linux:mysql-debugsource |
rocky | linux | mysql-devel | p-cpe:/a:rocky:linux:mysql-devel |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2479
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2481
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35546
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35575
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35577
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35591
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35596
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35602
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35604
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35608
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35610
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35612
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35622
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35623
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35624
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35625
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35626
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35627
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35628
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35630
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35631
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35632
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35633
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35634
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35635
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35636
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35637
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35638
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35639
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35640
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35642
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35644
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35645
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35646
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35647
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35648
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21245
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21249
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21253
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21254
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21256
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21264
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21265
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21270
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21278
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21301
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21302
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21303
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21304
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21339
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21348
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21358
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21362
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21367
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21368
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21370
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21372
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21374
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21378
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21379
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21412
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21413
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21414
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21415
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21417
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21418
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21423
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21425
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21427
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21435
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21436
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21437
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21438
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21440
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21444
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21451
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21452
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21454
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21455
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21457
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21459
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21460
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21462
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21479
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21509
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21515
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21517
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21522
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21525
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21527
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21528
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21529
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21530
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21531
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21534
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21537
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21538
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21539
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21547
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21553
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21556
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21569
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21592
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21595
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21600
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21605
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21635
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21638
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21866
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21872
bugzilla.redhat.com/show_bug.cgi?id=2016089
bugzilla.redhat.com/show_bug.cgi?id=2016090
bugzilla.redhat.com/show_bug.cgi?id=2016091
bugzilla.redhat.com/show_bug.cgi?id=2016093
bugzilla.redhat.com/show_bug.cgi?id=2016094
bugzilla.redhat.com/show_bug.cgi?id=2016095
bugzilla.redhat.com/show_bug.cgi?id=2016097
bugzilla.redhat.com/show_bug.cgi?id=2016098
bugzilla.redhat.com/show_bug.cgi?id=2016099
bugzilla.redhat.com/show_bug.cgi?id=2016100
bugzilla.redhat.com/show_bug.cgi?id=2016101
bugzilla.redhat.com/show_bug.cgi?id=2016104
bugzilla.redhat.com/show_bug.cgi?id=2016105
bugzilla.redhat.com/show_bug.cgi?id=2016106
bugzilla.redhat.com/show_bug.cgi?id=2016107
bugzilla.redhat.com/show_bug.cgi?id=2016108
bugzilla.redhat.com/show_bug.cgi?id=2016109
bugzilla.redhat.com/show_bug.cgi?id=2016110
bugzilla.redhat.com/show_bug.cgi?id=2016111
bugzilla.redhat.com/show_bug.cgi?id=2016112
bugzilla.redhat.com/show_bug.cgi?id=2016113
bugzilla.redhat.com/show_bug.cgi?id=2016114
bugzilla.redhat.com/show_bug.cgi?id=2016117
bugzilla.redhat.com/show_bug.cgi?id=2016118
bugzilla.redhat.com/show_bug.cgi?id=2016119
bugzilla.redhat.com/show_bug.cgi?id=2016120
bugzilla.redhat.com/show_bug.cgi?id=2016121
bugzilla.redhat.com/show_bug.cgi?id=2016122
bugzilla.redhat.com/show_bug.cgi?id=2016124
bugzilla.redhat.com/show_bug.cgi?id=2016126
bugzilla.redhat.com/show_bug.cgi?id=2016127
bugzilla.redhat.com/show_bug.cgi?id=2016128
bugzilla.redhat.com/show_bug.cgi?id=2016129
bugzilla.redhat.com/show_bug.cgi?id=2016130
bugzilla.redhat.com/show_bug.cgi?id=2016131
bugzilla.redhat.com/show_bug.cgi?id=2016132
bugzilla.redhat.com/show_bug.cgi?id=2016133
bugzilla.redhat.com/show_bug.cgi?id=2016134
bugzilla.redhat.com/show_bug.cgi?id=2016135
bugzilla.redhat.com/show_bug.cgi?id=2016137
bugzilla.redhat.com/show_bug.cgi?id=2016138
bugzilla.redhat.com/show_bug.cgi?id=2043620
bugzilla.redhat.com/show_bug.cgi?id=2043621
bugzilla.redhat.com/show_bug.cgi?id=2043622
bugzilla.redhat.com/show_bug.cgi?id=2043623
bugzilla.redhat.com/show_bug.cgi?id=2043624
bugzilla.redhat.com/show_bug.cgi?id=2043625
bugzilla.redhat.com/show_bug.cgi?id=2043626
bugzilla.redhat.com/show_bug.cgi?id=2043627
bugzilla.redhat.com/show_bug.cgi?id=2043628
bugzilla.redhat.com/show_bug.cgi?id=2043629
bugzilla.redhat.com/show_bug.cgi?id=2043630
bugzilla.redhat.com/show_bug.cgi?id=2043631
bugzilla.redhat.com/show_bug.cgi?id=2043632
bugzilla.redhat.com/show_bug.cgi?id=2043633
bugzilla.redhat.com/show_bug.cgi?id=2043634
bugzilla.redhat.com/show_bug.cgi?id=2043635
bugzilla.redhat.com/show_bug.cgi?id=2043636
bugzilla.redhat.com/show_bug.cgi?id=2043637
bugzilla.redhat.com/show_bug.cgi?id=2043638
bugzilla.redhat.com/show_bug.cgi?id=2043639
bugzilla.redhat.com/show_bug.cgi?id=2043640
bugzilla.redhat.com/show_bug.cgi?id=2043641
bugzilla.redhat.com/show_bug.cgi?id=2043642
bugzilla.redhat.com/show_bug.cgi?id=2043643
bugzilla.redhat.com/show_bug.cgi?id=2043644
bugzilla.redhat.com/show_bug.cgi?id=2043645
bugzilla.redhat.com/show_bug.cgi?id=2043646
bugzilla.redhat.com/show_bug.cgi?id=2043647
bugzilla.redhat.com/show_bug.cgi?id=2043648
bugzilla.redhat.com/show_bug.cgi?id=2082636
bugzilla.redhat.com/show_bug.cgi?id=2082637
bugzilla.redhat.com/show_bug.cgi?id=2082638
bugzilla.redhat.com/show_bug.cgi?id=2082639
bugzilla.redhat.com/show_bug.cgi?id=2082640
bugzilla.redhat.com/show_bug.cgi?id=2082641
bugzilla.redhat.com/show_bug.cgi?id=2082642
bugzilla.redhat.com/show_bug.cgi?id=2082643
bugzilla.redhat.com/show_bug.cgi?id=2082644
bugzilla.redhat.com/show_bug.cgi?id=2082645
bugzilla.redhat.com/show_bug.cgi?id=2082646
bugzilla.redhat.com/show_bug.cgi?id=2082647
bugzilla.redhat.com/show_bug.cgi?id=2082648
bugzilla.redhat.com/show_bug.cgi?id=2082649
bugzilla.redhat.com/show_bug.cgi?id=2082650
bugzilla.redhat.com/show_bug.cgi?id=2082651
bugzilla.redhat.com/show_bug.cgi?id=2082652
bugzilla.redhat.com/show_bug.cgi?id=2082653
bugzilla.redhat.com/show_bug.cgi?id=2082654
bugzilla.redhat.com/show_bug.cgi?id=2082655
bugzilla.redhat.com/show_bug.cgi?id=2082656
bugzilla.redhat.com/show_bug.cgi?id=2082657
bugzilla.redhat.com/show_bug.cgi?id=2082658
bugzilla.redhat.com/show_bug.cgi?id=2082659
bugzilla.redhat.com/show_bug.cgi?id=2110940
bugzilla.redhat.com/show_bug.cgi?id=2115283
bugzilla.redhat.com/show_bug.cgi?id=2115284
bugzilla.redhat.com/show_bug.cgi?id=2115285
bugzilla.redhat.com/show_bug.cgi?id=2115286
bugzilla.redhat.com/show_bug.cgi?id=2115287
bugzilla.redhat.com/show_bug.cgi?id=2115288
bugzilla.redhat.com/show_bug.cgi?id=2115289
bugzilla.redhat.com/show_bug.cgi?id=2115290
bugzilla.redhat.com/show_bug.cgi?id=2115291
bugzilla.redhat.com/show_bug.cgi?id=2115292
bugzilla.redhat.com/show_bug.cgi?id=2115293
bugzilla.redhat.com/show_bug.cgi?id=2115294
bugzilla.redhat.com/show_bug.cgi?id=2115295
bugzilla.redhat.com/show_bug.cgi?id=2115296
bugzilla.redhat.com/show_bug.cgi?id=2115297
bugzilla.redhat.com/show_bug.cgi?id=2115298
bugzilla.redhat.com/show_bug.cgi?id=2115299
bugzilla.redhat.com/show_bug.cgi?id=2115301
bugzilla.redhat.com/show_bug.cgi?id=2122604
errata.rockylinux.org/RLSA-2022:7119