Description
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Components / Services). The affected supported versions are 8.0.16 and prior; the related scanner checks listed on this page give 8.0.17 as the fixed version. The vulnerability is easily exploitable and allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. A successful attack can result in the unauthorized ability to cause a hang or a frequently repeatable crash (complete DoS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Related
{"id": "RH:CVE-2019-2780", "vendorId": null, "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2019-2780", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Components / Services). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n", "published": "2019-07-22T14:39:52", "modified": "2022-06-08T05:35:30", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.0}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.2, "impactScore": 3.6}, "href": "https://access.redhat.com/security/cve/cve-2019-2780", "reporter": "redhat.com", "references": ["http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1732011"], 
"cvelist": ["CVE-2019-2780"], "immutableFields": [], "lastseen": "2022-06-08T08:12:35", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2019:2511"]}, {"type": "cve", "idList": ["CVE-2019-2780"]}, {"type": "f5", "idList": ["F5:K19194273"]}, {"type": "fedora", "idList": ["FEDORA:A29B160972B0", "FEDORA:DD3AE60954BE"]}, {"type": "freebsd", "idList": ["198E6220-AC8B-11E9-A1C7-B499BAEBFEAF"]}, {"type": "ibm", "idList": ["17DD2FC3DAC01BFB1E2178DA47F25229A0CD3E9D0AEE278A3C16F19757719E13"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2019-2511.NASL", "FEDORA_2019-96516CE0AC.NASL", "FEDORA_2019-C106E46A95.NASL", "FREEBSD_PKG_198E6220AC8B11E9A1C7B499BAEBFEAF.NASL", "MYSQL_8_0_17.NASL", "ORACLELINUX_ELSA-2019-2511.NASL", "REDHAT-RHSA-2019-2511.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310142658", "OPENVAS:1361412562310142659", "OPENVAS:1361412562310876745", "OPENVAS:1361412562310876754"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2019", "ORACLE:CPUJUL2019-5072835"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2511"]}, {"type": "photon", "idList": ["PHSA-2019-0248", "PHSA-2019-1.0-0248"]}, {"type": "redhat", "idList": ["RHSA-2019:2484", "RHSA-2019:2511"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-2780"]}], "rev": 4}, "score": {"value": 5.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2019:2511"]}, {"type": "cve", "idList": ["CVE-2019-2780"]}, {"type": "f5", "idList": ["F5:K19194273"]}, {"type": "fedora", "idList": ["FEDORA:A29B160972B0", "FEDORA:DD3AE60954BE"]}, {"type": "freebsd", "idList": ["198E6220-AC8B-11E9-A1C7-B499BAEBFEAF"]}, {"type": "ibm", "idList": ["17DD2FC3DAC01BFB1E2178DA47F25229A0CD3E9D0AEE278A3C16F19757719E13"]}, {"type": "nessus", "idList": ["FEDORA_2019-96516CE0AC.NASL", "FEDORA_2019-C106E46A95.NASL", "FREEBSD_PKG_198E6220AC8B11E9A1C7B499BAEBFEAF.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310142658", 
"OPENVAS:1361412562310142659", "OPENVAS:1361412562310876745", "OPENVAS:1361412562310876754"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2019-5072835"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2511"]}, {"type": "photon", "idList": ["PHSA-2019-0248"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-2780"]}]}, "exploitation": null, "vulnersScore": 5.7}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "vendorCvss": {"score": "4.9", "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}}
{"cve": [{"lastseen": "2022-03-23T22:45:31", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Components / Services). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-23T23:15:00", "type": "cve", "title": "CVE-2019-2780", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2780"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:mysql:8.0.16"], "id": "CVE-2019-2780", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2780", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:8.0.16:*:*:*:*:*:*:*"]}], 
"ubuntucve": [{"lastseen": "2021-11-22T21:30:27", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:\nServer: Components / Services). Supported versions that are affected are\n8.0.16 and prior. Easily exploitable vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise MySQL\nServer. Successful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS) of\nMySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 8.x only\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2019-2780", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2780"], "modified": "2019-07-23T00:00:00", "id": "UB:CVE-2019-2780", "href": "https://ubuntu.com/security/CVE-2019-2780", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "f5": [{"lastseen": 
"2020-04-06T22:40:05", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 2.5}, "published": "2019-08-22T03:36:00", "type": "f5", "title": "MySQL vulnerabilities CVE-2019-2778, CVE-2019-2780, CVE-2019-2784, CVE-2019-2785, and CVE-2019-2789", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2778", "CVE-2019-2789", "CVE-2019-2780"], "modified": 
"2019-08-22T04:06:00", "id": "F5:K19194273", "href": "https://support.f5.com/csp/article/K19194273", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2019-07-30T13:53:14", "description": "Oracle MySQL is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-07-24T00:00:00", "type": "openvas", "title": "Oracle MySQL 8.0.x < 8.0.17 Security Update (2019-5072835) - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2795", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2019-2784", "CVE-2019-2879", "CVE-2019-2785", "CVE-2019-2808", "CVE-2019-2830", "CVE-2019-2810", "CVE-2019-2826", "CVE-2019-2789", "CVE-2019-2752", "CVE-2019-2803", "CVE-2019-2815", "CVE-2019-2796", "CVE-2019-2812", "CVE-2019-2800", "CVE-2019-2780", "CVE-2019-2834", "CVE-2019-2822", "CVE-2019-2801"], "modified": "2019-07-30T00:00:00", "id": "OPENVAS:1361412562310142659", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142659", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142659\");\n script_version(\"2019-07-30T07:04:43+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-30 07:04:43 +0000 (Tue, 30 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-24 02:18:35 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_cve_id(\"CVE-2019-2822\", \"CVE-2019-2800\", \"CVE-2019-2795\", \"CVE-2019-2812\", \"CVE-2019-2834\",\n \"CVE-2019-2785\", \"CVE-2019-2879\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2801\",\n \"CVE-2019-2796\", \"CVE-2019-2802\", \"CVE-2019-2803\", \"CVE-2019-2808\", \"CVE-2019-2810\",\n \"CVE-2019-2815\", \"CVE-2019-2830\", \"CVE-2019-2752\", \"CVE-2019-2811\", \"CVE-2019-2826\",\n \"CVE-2019-2789\", \"CVE-2019-2814\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL 8.0.x < 8.0.17 Security Update (2019-5072835) - Windows\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"MySQL 8.0.16 and prior.\");\n\n 
script_tag(name:\"solution\", value:\"Update to version 8.0.17 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.16\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.17\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-07-30T13:53:15", "description": "Oracle MySQL is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-07-24T00:00:00", "type": "openvas", "title": "Oracle MySQL 8.0.x < 8.0.17 Security Update (2019-5072835) - Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2795", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2019-2784", "CVE-2019-2879", "CVE-2019-2785", "CVE-2019-2808", "CVE-2019-2830", "CVE-2019-2810", "CVE-2019-2826", "CVE-2019-2789", "CVE-2019-2752", "CVE-2019-2803", "CVE-2019-2815", "CVE-2019-2796", "CVE-2019-2812", "CVE-2019-2800", "CVE-2019-2780", "CVE-2019-2834", "CVE-2019-2822", "CVE-2019-2801"], "modified": "2019-07-30T00:00:00", "id": "OPENVAS:1361412562310142658", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142658", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at 
your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142658\");\n script_version(\"2019-07-30T07:04:43+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-30 07:04:43 +0000 (Tue, 30 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-24 02:12:15 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n\n script_cve_id(\"CVE-2019-2822\", \"CVE-2019-2800\", \"CVE-2019-2795\", \"CVE-2019-2812\", \"CVE-2019-2834\",\n \"CVE-2019-2785\", \"CVE-2019-2879\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2801\",\n \"CVE-2019-2796\", \"CVE-2019-2802\", \"CVE-2019-2803\", \"CVE-2019-2808\", \"CVE-2019-2810\",\n \"CVE-2019-2815\", \"CVE-2019-2830\", \"CVE-2019-2752\", \"CVE-2019-2811\", \"CVE-2019-2826\",\n \"CVE-2019-2789\", \"CVE-2019-2814\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL 8.0.x < 8.0.17 Security Update (2019-5072835) - Linux\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to 
multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"MySQL 8.0.16 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 8.0.17 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.16\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.17\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-09-06T18:49:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-05T00:00:00", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2019-c106e46a95", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2740", "CVE-2019-2587", "CVE-2019-2614", "CVE-2019-2784", "CVE-2019-2596", "CVE-2019-2785", "CVE-2019-2580", "CVE-2019-2758", "CVE-2019-2778", "CVE-2019-2789", "CVE-2019-2737", "CVE-2019-2752", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2738", "CVE-2019-2757", "CVE-2019-2739", "CVE-2019-2774", "CVE-2019-2607", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2780", "CVE-2019-2584", "CVE-2019-2755", "CVE-2019-2585"], "modified": "2019-09-05T00:00:00", "id": "OPENVAS:1361412562310876754", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876754", "sourceData": "# Copyright (C) 
2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876754\");\n script_version(\"2019-09-05T09:53:24+0000\");\n script_cve_id(\"CVE-2019-2580\", \"CVE-2019-2581\", \"CVE-2019-2584\", \"CVE-2019-2585\", \"CVE-2019-2587\", \"CVE-2019-2589\", \"CVE-2019-2592\", \"CVE-2019-2593\", \"CVE-2019-2596\", \"CVE-2019-2606\", \"CVE-2019-2607\", \"CVE-2019-2614\", \"CVE-2019-2617\", \"CVE-2019-2620\", \"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2752\", \"CVE-2019-2755\", \"CVE-2019-2757\", \"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2785\", \"CVE-2019-2789\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-05 09:53:24 +0000 (Thu, 05 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-05 02:27:07 +0000 (Thu, 05 Sep 2019)\");\n script_name(\"Fedora Update for community-mysql FEDORA-2019-c106e46a95\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-c106e46a95\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the FEDORA-2019-c106e46a95 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\nclient/server implementation consisting of a server daemon (mysqld)\nand many different client programs and libraries. 
The base package\ncontains the standard MySQL client programs and generic MySQL files.\");\n\n script_tag(name:\"affected\", value:\"'community-mysql' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~8.0.17~2.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-09-06T18:49:41", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-05T00:00:00", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2019-96516ce0ac", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-3170", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2617", "CVE-2019-2740", "CVE-2019-2529", "CVE-2019-2532", "CVE-2019-2587", "CVE-2018-3137", "CVE-2018-3174", "CVE-2018-3203", "CVE-2019-2614", "CVE-2019-2784", "CVE-2019-2596", "CVE-2019-2785", "CVE-2019-2494", "CVE-2018-3280", "CVE-2018-3247", "CVE-2019-2531", "CVE-2019-2580", "CVE-2019-2528", "CVE-2018-3285", "CVE-2019-2434", "CVE-2018-3282", "CVE-2019-2758", "CVE-2018-3145", "CVE-2018-3133", "CVE-2018-3182", "CVE-2019-2486", "CVE-2019-2482", "CVE-2019-2778", "CVE-2019-2789", "CVE-2018-3144", "CVE-2019-2737", "CVE-2018-3212", "CVE-2019-2530", "CVE-2018-3173", "CVE-2018-3187", "CVE-2018-3276", "CVE-2018-3156", "CVE-2019-2420", "CVE-2019-2752", "CVE-2019-2581", "CVE-2019-2589", "CVE-2019-2536", "CVE-2019-2738", 
"CVE-2018-3161", "CVE-2018-3251", "CVE-2019-2537", "CVE-2019-2539", "CVE-2018-3155", "CVE-2019-2436", "CVE-2019-2534", "CVE-2019-2757", "CVE-2019-2510", "CVE-2019-2502", "CVE-2018-3279", "CVE-2019-2535", "CVE-2018-3284", "CVE-2019-2739", "CVE-2018-3162", "CVE-2018-3278", "CVE-2018-3186", "CVE-2018-3171", "CVE-2018-3143", "CVE-2019-2774", "CVE-2018-3277", "CVE-2019-2607", "CVE-2019-2507", "CVE-2019-2533", "CVE-2018-3185", "CVE-2019-2503", "CVE-2019-2620", "CVE-2019-2593", "CVE-2018-3283", "CVE-2018-3286", "CVE-2019-2495", "CVE-2019-2780", "CVE-2018-3200", "CVE-2019-2584", "CVE-2018-3195", "CVE-2019-2755", "CVE-2019-2585", "CVE-2019-2481", "CVE-2019-2455"], "modified": "2019-09-05T00:00:00", "id": "OPENVAS:1361412562310876745", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876745", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876745\");\n script_version(\"2019-09-05T09:53:24+0000\");\n script_cve_id(\"CVE-2019-2420\", \"CVE-2019-2434\", \"CVE-2019-2436\", \"CVE-2019-2455\", \"CVE-2019-2481\", \"CVE-2019-2482\", \"CVE-2019-2486\", \"CVE-2019-2494\", \"CVE-2019-2495\", \"CVE-2019-2502\", \"CVE-2019-2503\", \"CVE-2019-2507\", \"CVE-2019-2510\", \"CVE-2019-2528\", \"CVE-2019-2529\", \"CVE-2019-2530\", \"CVE-2019-2531\", \"CVE-2019-2532\", \"CVE-2019-2533\", \"CVE-2019-2534\", \"CVE-2019-2535\", \"CVE-2019-2536\", \"CVE-2019-2537\", \"CVE-2019-2539\", \"CVE-2018-3276\", \"CVE-2018-3200\", \"CVE-2018-3137\", \"CVE-2018-3284\", \"CVE-2018-3195\", \"CVE-2018-3173\", \"CVE-2018-3212\", \"CVE-2018-3279\", \"CVE-2018-3162\", \"CVE-2018-3247\", \"CVE-2018-3156\", \"CVE-2018-3161\", \"CVE-2018-3278\", \"CVE-2018-3174\", \"CVE-2018-3282\", \"CVE-2018-3285\", \"CVE-2018-3187\", \"CVE-2018-3277\", \"CVE-2018-3144\", \"CVE-2018-3145\", \"CVE-2018-3170\", \"CVE-2018-3186\", \"CVE-2018-3182\", \"CVE-2018-3133\", \"CVE-2018-3143\", \"CVE-2018-3283\", \"CVE-2018-3171\", \"CVE-2018-3251\", \"CVE-2018-3286\", \"CVE-2018-3185\", \"CVE-2018-3280\", \"CVE-2018-3203\", \"CVE-2018-3155\", \"CVE-2019-2580\", \"CVE-2019-2581\", \"CVE-2019-2584\", \"CVE-2019-2585\", \"CVE-2019-2587\", \"CVE-2019-2589\", \"CVE-2019-2592\", \"CVE-2019-2593\", \"CVE-2019-2596\", \"CVE-2019-2606\", \"CVE-2019-2607\", \"CVE-2019-2614\", \"CVE-2019-2617\", \"CVE-2019-2620\", \"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2752\", \"CVE-2019-2755\", \"CVE-2019-2757\", \"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2785\", 
\"CVE-2019-2789\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-05 09:53:24 +0000 (Thu, 05 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-05 02:24:26 +0000 (Thu, 05 Sep 2019)\");\n script_name(\"Fedora Update for community-mysql FEDORA-2019-96516ce0ac\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-96516ce0ac\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the FEDORA-2019-96516ce0ac advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\nclient/server implementation consisting of a server daemon (mysqld)\nand many different client programs and libraries. 
The base package\ncontains the standard MySQL client programs and generic MySQL files.\");\n\n script_tag(name:\"affected\", value:\"'community-mysql' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~8.0.17~2.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "fedora": [{"lastseen": "2021-07-28T14:46:51", "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. 
", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "baseScore": 5.5, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.2}, "published": "2019-09-04T03:13:43", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: community-mysql-8.0.17-2.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789"], "modified": "2019-09-04T03:13:43", "id": "FEDORA:A29B160972B0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-07-28T18:41:38", "description": "MySQL is a multi-user, multi-threaded SQL database server. 
MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. ", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2019-09-04T04:07:19", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: community-mysql-8.0.17-2.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3133", "CVE-2018-3137", "CVE-2018-3143", "CVE-2018-3144", "CVE-2018-3145", "CVE-2018-3155", "CVE-2018-3156", "CVE-2018-3161", "CVE-2018-3162", "CVE-2018-3170", "CVE-2018-3171", "CVE-2018-3173", "CVE-2018-3174", "CVE-2018-3182", "CVE-2018-3185", "CVE-2018-3186", "CVE-2018-3187", "CVE-2018-3195", "CVE-2018-3200", "CVE-2018-3203", "CVE-2018-3212", "CVE-2018-3247", "CVE-2018-3251", "CVE-2018-3276", "CVE-2018-3277", "CVE-2018-3278", "CVE-2018-3279", "CVE-2018-3280", "CVE-2018-3282", "CVE-2018-3283", "CVE-2018-3284", "CVE-2018-3285", "CVE-2018-3286", "CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", 
"CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789"], "modified": "2019-09-04T04:07:19", "id": "FEDORA:DD3AE60954BE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "nessus": [{"lastseen": "2021-10-16T00:25:34", "description": "**MySQL 8.0.17**\n\nThis update brings the latest MySQL 8.0.17 which fixes severe security issues. Now available as both a standard package and a module!\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-17.html\n\nMaintainer notes :\n\n - The MySQL Modules are now built from the same sources as the base packages, so they should be identical\n\n - The package is now being built with a number of standard Fedora build flags that have not been used before. The package should be now more stable and secure.\n\n - In Modules, the bug #1729133 still exists\n\n - The MySQL 5.7 and 5.6 Modules may exist, but I'm out of capacity to maintain them. 
Whenever possible upgrade to MySQL 8.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.4, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}, "published": "2019-09-04T00:00:00", "type": "nessus", "title": "Fedora 29 : community-mysql (2019-96516ce0ac)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:community-mysql", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-96516CE0AC.NASL", "href": "https://www.tenable.com/plugins/nessus/128484", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-96516ce0ac.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128484);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-2580\", \"CVE-2019-2581\", \"CVE-2019-2584\", \"CVE-2019-2585\", \"CVE-2019-2587\", \"CVE-2019-2589\", \"CVE-2019-2592\", \"CVE-2019-2593\", \"CVE-2019-2596\", \"CVE-2019-2606\", \"CVE-2019-2607\", \"CVE-2019-2614\", \"CVE-2019-2617\", \"CVE-2019-2620\", \"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2752\", \"CVE-2019-2755\", \"CVE-2019-2757\", 
\"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2785\", \"CVE-2019-2789\");\n script_xref(name:\"FEDORA\", value:\"2019-96516ce0ac\");\n\n script_name(english:\"Fedora 29 : community-mysql (2019-96516ce0ac)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**MySQL 8.0.17**\n\nThis update brings the latest MySQL 8.0.17 which fixes severe security\nissues. Now available as both a standard package and a module!\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-17.html\n\nMainatiner notes :\n\n - The MySQL Modules are now built from the same sources as\n the base packages, so the should be identical\n\n - The package is now being built with number of standard\n Fedora build flags that has not been used before. The\n package should be now more stable and secure.\n\n - In Modules, the bug #1729133 still exists\n\n - The MySQL 5.7 and 5.6 Modules may exists, but I'm out of\n capacity to maintain them. 
Whenever possible upgrade to\n MySQL 8.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-96516ce0ac\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2778\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"community-mysql-8.0.17-2.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2022-05-24T16:52:30", "description": "**MySQL 8.0.17**\n\nThis update brings the latest MySQL 8.0.17 which fixes severe security issues. 
Now available as both a standard package and a module!\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-17.html\n\nMaintainer notes :\n\n - The MySQL Modules are now built from the same sources as the base packages, so they should be identical\n\n - The package is now being built with a number of standard Fedora build flags that have not been used before. The package should be now more stable and secure.\n\n - In Modules, the bug #1729133 still exists\n\n - The MySQL 5.7 and 5.6 Modules may exist, but I'm out of capacity to maintain them. Whenever possible upgrade to MySQL 8.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-09-04T00:00:00", "type": "nessus", "title": "Fedora 30 : community-mysql (2019-c106e46a95)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:community-mysql", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-C106E46A95.NASL", "href": "https://www.tenable.com/plugins/nessus/128487", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2019-c106e46a95.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128487);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-2580\", \"CVE-2019-2581\", \"CVE-2019-2584\", \"CVE-2019-2585\", \"CVE-2019-2587\", \"CVE-2019-2589\", \"CVE-2019-2592\", \"CVE-2019-2593\", \"CVE-2019-2596\", \"CVE-2019-2606\", \"CVE-2019-2607\", \"CVE-2019-2614\", \"CVE-2019-2617\", \"CVE-2019-2620\", \"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2752\", \"CVE-2019-2755\", \"CVE-2019-2757\", \"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2785\", \"CVE-2019-2789\");\n script_xref(name:\"FEDORA\", value:\"2019-c106e46a95\");\n\n script_name(english:\"Fedora 30 : community-mysql (2019-c106e46a95)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"**MySQL 8.0.17**\n\nThis update brings the latest MySQL 8.0.17 which fixes severe security\nissues. Now available as both a standard package and a module!\n\nRelease notes :\n\nhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-17.html\n\nMainatiner notes :\n\n - The MySQL Modules are now built from the same sources as\n the base packages, so the should be identical\n\n - The package is now being built with number of standard\n Fedora build flags that has not been used before. The\n package should be now more stable and secure.\n\n - In Modules, the bug #1729133 still exists\n\n - The MySQL 5.7 and 5.6 Modules may exists, but I'm out of\n capacity to maintain them. 
Whenever possible upgrade to\n MySQL 8.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-c106e46a95\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected community-mysql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2778\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"community-mysql-8.0.17-2.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2022-05-20T15:03:04", "description": "The version of MySQL running on the remote host is 8.0.x prior to 8.0.17. 
It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the July 2019 Critical Patch Update advisory:\n\n - An unspecified vulnerability in the 'Shell: Admin / InnoDB Cluster' subcomponent could allow an unauthenticated attacker to take over an affected MySQL Server. A successful attack requires user interaction.\n (CVE-2019-2822)\n\n - An unspecified vulnerability in the 'Server: Replication' subcomponent could allow an unauthenticated attacker to cause the server to hang or to, via a frequently repeatable crash, cause a complete denial of service.\n Additionally, a successful attacker could perform unauthorized modifications to some MySQL Server accessible data. (CVE-2019-2800)\n\n - An unspecified vulnerability in the 'Server: Charsets' subcomponent could allow an unauthenticated attacker to cause the server to hang or to, via a frequently repeatable crash, cause a complete denial of service.\n (CVE-2019-2795)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-07-18T00:00:00", "type": "nessus", "title": "MySQL 8.0.x < 8.0.17 Multiple Vulnerabilities (July 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2752", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2791", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2822", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-2948", 
"CVE-2019-2950", "CVE-2019-2969", "CVE-2019-3003"], "modified": "2022-05-19T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_8_0_17.NASL", "href": "https://www.tenable.com/plugins/nessus/126784", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126784);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2737\",\n \"CVE-2019-2738\",\n \"CVE-2019-2739\",\n \"CVE-2019-2740\",\n \"CVE-2019-2741\",\n \"CVE-2019-2752\",\n \"CVE-2019-2757\",\n \"CVE-2019-2758\",\n \"CVE-2019-2774\",\n \"CVE-2019-2778\",\n \"CVE-2019-2780\",\n \"CVE-2019-2784\",\n \"CVE-2019-2785\",\n \"CVE-2019-2789\",\n \"CVE-2019-2791\",\n \"CVE-2019-2795\",\n \"CVE-2019-2796\",\n \"CVE-2019-2797\",\n \"CVE-2019-2800\",\n \"CVE-2019-2801\",\n \"CVE-2019-2802\",\n \"CVE-2019-2803\",\n \"CVE-2019-2805\",\n \"CVE-2019-2808\",\n \"CVE-2019-2810\",\n \"CVE-2019-2811\",\n \"CVE-2019-2812\",\n \"CVE-2019-2814\",\n \"CVE-2019-2815\",\n \"CVE-2019-2819\",\n \"CVE-2019-2822\",\n \"CVE-2019-2826\",\n \"CVE-2019-2830\",\n \"CVE-2019-2834\",\n \"CVE-2019-2879\",\n \"CVE-2019-2948\",\n \"CVE-2019-2950\",\n \"CVE-2019-2969\",\n \"CVE-2019-3003\"\n );\n script_bugtraq_id(109234, 109243, 109247);\n\n script_name(english:\"MySQL 8.0.x < 8.0.17 Multiple Vulnerabilities (July 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 8.0.x prior to\n8.0.17. 
It is, therefore, affected by multiple vulnerabilities,\nincluding three of the top vulnerabilities below, as noted in the\nJuly 2019 Critical Patch Update advisory:\n\n - An unspecified vulnerability in the\n 'Shell: Admin / InnoDB Cluster' subcomponent could allow\n an unauthenticated attacker to takeover an affected MySQL\n Server. A successful attack requires user interaction.\n (CVE-2019-2822)\n\n - As unspecified vulnerability in the 'Server: Replication'\n subcomponent could allow an unauthenticated attacker to\n cause the server to hang or to, via a frequently\n repeatable crash, cause a complete denial of service.\n Additionally, a successful attacker could perform\n unauthorized modifications to some MySQL Server\n accessible data. (CVE-2019-2800)\n\n - As unspecified vulnerability in the 'Server: Charsets'\n subcomponent could allow an unauthenticated attacker to\n cause the server to hang or to, via a frequently\n repeatable crash, cause a complete denial of service.\n (CVE-2019-2795)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-17.html\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1adc2fd3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 8.0.17 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2819\");\n 
script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2822\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\", \"mysql_version_local.nasl\", \"mysql_win_installed.nbin\", \"macosx_mysql_installed.nbin\");\n script_require_keys(\"installed_sw/MySQL Server\");\n\n exit(0);\n}\n\ninclude('vcf_extras_mysql.inc');\n\nvar app_info = vcf::mysql::combined_get_app_info();\n\nvar constraints = [{ 'min_version' : '8.0.0', 'fixed_version' : '8.0.17'}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2022-06-16T16:48:33", "description": "Oracle reports :\n\nThis Critical Patch Update contains 45 new security fixes for Oracle MySQL. 
4 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-23T00:00:00", "type": "nessus", "title": "FreeBSD : MySQL -- Multiple vulerabilities (198e6220-ac8b-11e9-a1c7-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2730", "CVE-2019-2731", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2743", "CVE-2019-2746", "CVE-2019-2747", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2791", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2822", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-3822"], "modified": "2020-01-08T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mariadb101-server", "p-cpe:/a:freebsd:freebsd:mariadb102-server", "p-cpe:/a:freebsd:freebsd:mariadb103-server", "p-cpe:/a:freebsd:freebsd:mariadb104-server", "p-cpe:/a:freebsd:freebsd:mariadb55-server", "p-cpe:/a:freebsd:freebsd:mysql56-server", "p-cpe:/a:freebsd:freebsd:mysql57-server", "p-cpe:/a:freebsd:freebsd:mysql80-server", "p-cpe:/a:freebsd:freebsd:percona55-server", "p-cpe:/a:freebsd:freebsd:percona56-server", "p-cpe:/a:freebsd:freebsd:percona57-server", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_198E6220AC8B11E9A1C7B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/126928", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the 
FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126928);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2019-2730\", \"CVE-2019-2731\", \"CVE-2019-2737\", \"CVE-2019-2738\", \"CVE-2019-2739\", \"CVE-2019-2740\", \"CVE-2019-2741\", \"CVE-2019-2743\", \"CVE-2019-2746\", \"CVE-2019-2747\", \"CVE-2019-2752\", \"CVE-2019-2755\", \"CVE-2019-2757\", \"CVE-2019-2758\", \"CVE-2019-2774\", \"CVE-2019-2778\", \"CVE-2019-2780\", \"CVE-2019-2784\", \"CVE-2019-2785\", \"CVE-2019-2789\", \"CVE-2019-2791\", \"CVE-2019-2795\", \"CVE-2019-2796\", \"CVE-2019-2797\", \"CVE-2019-2798\", \"CVE-2019-2800\", \"CVE-2019-2801\", \"CVE-2019-2802\", \"CVE-2019-2803\", \"CVE-2019-2805\", \"CVE-2019-2808\", \"CVE-2019-2810\", \"CVE-2019-2811\", \"CVE-2019-2812\", \"CVE-2019-2814\", \"CVE-2019-2815\", \"CVE-2019-2819\", \"CVE-2019-2822\", \"CVE-2019-2826\", \"CVE-2019-2830\", \"CVE-2019-2834\", \"CVE-2019-2879\", \"CVE-2019-3822\");\n\n script_name(english:\"FreeBSD : MySQL -- Multiple vulerabilities (198e6220-ac8b-11e9-a1c7-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Oracle reports :\n\nThis Critical Patch Update contains 45 new security fixes for 
Oracle\nMySQL. 4 of these vulnerabilities may be remotely exploitable without\nauthentication, i.e., may be exploited over a network without\nrequiring user credentials.\"\n );\n # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9aa2b901\"\n );\n # https://vuxml.freebsd.org/freebsd/198e6220-ac8b-11e9-a1c7-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?079298bc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb101-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb102-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb103-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb104-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql80-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona55-server\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:freebsd:freebsd:percona56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mariadb55-server<5.5.65\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb101-server<10.1.41\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb102-server<10.2.26\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb103-server<10.3.17\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb104-server<10.4.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql56-server<5.6.45\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql57-server<5.7.27\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql80-server<8.0.17\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona55-server<5.5.65\")) flag++;\nif 
(pkg_test(save_report:TRUE, pkg:\"percona56-server<5.6.45\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona57-server<5.7.27\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-20T15:06:54", "description": "From Red Hat Security Advisory 2019:2511 :\n\nAn update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version:\nmysql (8.0.17).\n\nSecurity Fix(es) :\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, 
CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified 
vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : mysql:8.0 (ELSA-2019-2511)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2644", "CVE-2019-2681", "CVE-2019-2683", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2691", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", 
"CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-2948", "CVE-2019-2950", "CVE-2019-2969", "CVE-2019-3003"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:mecab", "p-cpe:/a:oracle:linux:mecab-ipadic", "p-cpe:/a:oracle:linux:mecab-ipadic-EUCJP", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:oracle:linux:mysql-common", "p-cpe:/a:oracle:linux:mysql-devel", "p-cpe:/a:oracle:linux:mysql-errmsg", "p-cpe:/a:oracle:linux:mysql-libs", "p-cpe:/a:oracle:linux:mysql-server", "p-cpe:/a:oracle:linux:mysql-test", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-2511.NASL", "href": "https://www.tenable.com/plugins/nessus/127983", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2511 and \n# Oracle Linux Security Advisory ELSA-2019-2511 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127983);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2420\",\n \"CVE-2019-2434\",\n \"CVE-2019-2436\",\n \"CVE-2019-2455\",\n \"CVE-2019-2481\",\n \"CVE-2019-2482\",\n \"CVE-2019-2486\",\n \"CVE-2019-2494\",\n \"CVE-2019-2495\",\n \"CVE-2019-2502\",\n \"CVE-2019-2503\",\n \"CVE-2019-2507\",\n \"CVE-2019-2510\",\n \"CVE-2019-2528\",\n \"CVE-2019-2529\",\n \"CVE-2019-2530\",\n \"CVE-2019-2531\",\n \"CVE-2019-2532\",\n \"CVE-2019-2533\",\n \"CVE-2019-2534\",\n \"CVE-2019-2535\",\n \"CVE-2019-2536\",\n \"CVE-2019-2537\",\n \"CVE-2019-2539\",\n \"CVE-2019-2580\",\n \"CVE-2019-2581\",\n \"CVE-2019-2584\",\n \"CVE-2019-2585\",\n \"CVE-2019-2587\",\n \"CVE-2019-2589\",\n \"CVE-2019-2592\",\n \"CVE-2019-2593\",\n \"CVE-2019-2596\",\n \"CVE-2019-2606\",\n \"CVE-2019-2607\",\n \"CVE-2019-2614\",\n \"CVE-2019-2617\",\n \"CVE-2019-2620\",\n \"CVE-2019-2623\",\n \"CVE-2019-2624\",\n 
\"CVE-2019-2625\",\n \"CVE-2019-2626\",\n \"CVE-2019-2627\",\n \"CVE-2019-2628\",\n \"CVE-2019-2630\",\n \"CVE-2019-2631\",\n \"CVE-2019-2634\",\n \"CVE-2019-2635\",\n \"CVE-2019-2636\",\n \"CVE-2019-2644\",\n \"CVE-2019-2681\",\n \"CVE-2019-2683\",\n \"CVE-2019-2685\",\n \"CVE-2019-2686\",\n \"CVE-2019-2687\",\n \"CVE-2019-2688\",\n \"CVE-2019-2689\",\n \"CVE-2019-2691\",\n \"CVE-2019-2693\",\n \"CVE-2019-2694\",\n \"CVE-2019-2695\",\n \"CVE-2019-2737\",\n \"CVE-2019-2738\",\n \"CVE-2019-2739\",\n \"CVE-2019-2740\",\n \"CVE-2019-2752\",\n \"CVE-2019-2755\",\n \"CVE-2019-2757\",\n \"CVE-2019-2758\",\n \"CVE-2019-2774\",\n \"CVE-2019-2778\",\n \"CVE-2019-2780\",\n \"CVE-2019-2784\",\n \"CVE-2019-2785\",\n \"CVE-2019-2789\",\n \"CVE-2019-2795\",\n \"CVE-2019-2796\",\n \"CVE-2019-2797\",\n \"CVE-2019-2798\",\n \"CVE-2019-2800\",\n \"CVE-2019-2801\",\n \"CVE-2019-2802\",\n \"CVE-2019-2803\",\n \"CVE-2019-2805\",\n \"CVE-2019-2808\",\n \"CVE-2019-2810\",\n \"CVE-2019-2811\",\n \"CVE-2019-2812\",\n \"CVE-2019-2814\",\n \"CVE-2019-2815\",\n \"CVE-2019-2819\",\n \"CVE-2019-2826\",\n \"CVE-2019-2830\",\n \"CVE-2019-2834\",\n \"CVE-2019-2879\",\n \"CVE-2019-2948\",\n \"CVE-2019-2950\",\n \"CVE-2019-2969\",\n \"CVE-2019-3003\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2511\");\n\n script_name(english:\"Oracle Linux 8 : mysql:8.0 (ELSA-2019-2511)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:2511 :\n\nAn update for the mysql:8.0 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists\nof the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version:\nmysql (8.0.17).\n\nSecurity Fix(es) :\n\n* mysql: Server: Replication multiple unspecified vulnerabilities\n(CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534,\nCVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634,\nCVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities\n(CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529,\nCVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607,\nCVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686,\nCVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693,\nCVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774,\nCVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808,\nCVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830,\nCVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities\n(CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities\n(CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified\nvulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533,\nCVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620,\nCVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811,\nCVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities\n(CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626,\nCVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502,\nCVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593,\nCVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785,\nCVE-2019-2798, CVE-2019-2879, 
CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability\n(CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities\n(CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities\n(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability\n(CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability\n(CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities\n(CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability\n(CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability\n(CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability\n(CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-August/009076.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mysql:8.0 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2819\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2800\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mecab-0.996-1.module+el8.0.0+5253+1dce7bb2.9\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mecab-ipadic-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mecab-ipadic-EUCJP-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-common-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) 
flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-devel-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-errmsg-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-libs-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-server-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"mysql-test-8.0.17-3.module+el8.0.0+5253+1dce7bb2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mecab / mecab-ipadic / mecab-ipadic-EUCJP / mysql / mysql-common / etc\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2022-05-20T15:06:51", "description": "An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. 
It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version:\nmysql (8.0.17).\n\nSecurity Fix(es) :\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities 
(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "RHEL 8 : mysql:8.0 (RHSA-2019:2511)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", 
"CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2644", "CVE-2019-2681", "CVE-2019-2683", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2691", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-2948", "CVE-2019-2950", "CVE-2019-2969", "CVE-2019-3003"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mecab", "p-cpe:/a:redhat:enterprise_linux:mecab-debugsource", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP", "p-cpe:/a:redhat:enterprise_linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql-common", "p-cpe:/a:redhat:enterprise_linux:mysql-debugsource", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mysql-errmsg", "p-cpe:/a:redhat:enterprise_linux:mysql-libs", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "p-cpe:/a:redhat:enterprise_linux:mysql-test", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.0"], "id": "REDHAT-RHSA-2019-2511.NASL", 
"href": "https://www.tenable.com/plugins/nessus/127991", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2511. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127991);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-2420\",\n \"CVE-2019-2434\",\n \"CVE-2019-2436\",\n \"CVE-2019-2455\",\n \"CVE-2019-2481\",\n \"CVE-2019-2482\",\n \"CVE-2019-2486\",\n \"CVE-2019-2494\",\n \"CVE-2019-2495\",\n \"CVE-2019-2502\",\n \"CVE-2019-2503\",\n \"CVE-2019-2507\",\n \"CVE-2019-2510\",\n \"CVE-2019-2528\",\n \"CVE-2019-2529\",\n \"CVE-2019-2530\",\n \"CVE-2019-2531\",\n \"CVE-2019-2532\",\n \"CVE-2019-2533\",\n \"CVE-2019-2534\",\n \"CVE-2019-2535\",\n \"CVE-2019-2536\",\n \"CVE-2019-2537\",\n \"CVE-2019-2539\",\n \"CVE-2019-2580\",\n \"CVE-2019-2581\",\n \"CVE-2019-2584\",\n \"CVE-2019-2585\",\n \"CVE-2019-2587\",\n \"CVE-2019-2589\",\n \"CVE-2019-2592\",\n \"CVE-2019-2593\",\n \"CVE-2019-2596\",\n \"CVE-2019-2606\",\n \"CVE-2019-2607\",\n \"CVE-2019-2614\",\n \"CVE-2019-2617\",\n \"CVE-2019-2620\",\n \"CVE-2019-2623\",\n \"CVE-2019-2624\",\n \"CVE-2019-2625\",\n \"CVE-2019-2626\",\n \"CVE-2019-2627\",\n \"CVE-2019-2628\",\n \"CVE-2019-2630\",\n \"CVE-2019-2631\",\n \"CVE-2019-2634\",\n \"CVE-2019-2635\",\n \"CVE-2019-2636\",\n \"CVE-2019-2644\",\n \"CVE-2019-2681\",\n \"CVE-2019-2683\",\n \"CVE-2019-2685\",\n \"CVE-2019-2686\",\n \"CVE-2019-2687\",\n \"CVE-2019-2688\",\n \"CVE-2019-2689\",\n \"CVE-2019-2691\",\n \"CVE-2019-2693\",\n \"CVE-2019-2694\",\n \"CVE-2019-2695\",\n \"CVE-2019-2737\",\n \"CVE-2019-2738\",\n \"CVE-2019-2739\",\n \"CVE-2019-2740\",\n \"CVE-2019-2752\",\n \"CVE-2019-2755\",\n \"CVE-2019-2757\",\n \"CVE-2019-2758\",\n \"CVE-2019-2774\",\n \"CVE-2019-2778\",\n 
\"CVE-2019-2780\",\n \"CVE-2019-2784\",\n \"CVE-2019-2785\",\n \"CVE-2019-2789\",\n \"CVE-2019-2795\",\n \"CVE-2019-2796\",\n \"CVE-2019-2797\",\n \"CVE-2019-2798\",\n \"CVE-2019-2800\",\n \"CVE-2019-2801\",\n \"CVE-2019-2802\",\n \"CVE-2019-2803\",\n \"CVE-2019-2805\",\n \"CVE-2019-2808\",\n \"CVE-2019-2810\",\n \"CVE-2019-2811\",\n \"CVE-2019-2812\",\n \"CVE-2019-2814\",\n \"CVE-2019-2815\",\n \"CVE-2019-2819\",\n \"CVE-2019-2826\",\n \"CVE-2019-2830\",\n \"CVE-2019-2834\",\n \"CVE-2019-2879\",\n \"CVE-2019-2948\",\n \"CVE-2019-2950\",\n \"CVE-2019-2969\",\n \"CVE-2019-3003\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2511\");\n\n script_name(english:\"RHEL 8 : mysql:8.0 (RHSA-2019:2511)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for the mysql:8.0 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. 
It consists\nof the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version:\nmysql (8.0.17).\n\nSecurity Fix(es) :\n\n* mysql: Server: Replication multiple unspecified vulnerabilities\n(CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534,\nCVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634,\nCVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities\n(CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529,\nCVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607,\nCVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686,\nCVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693,\nCVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774,\nCVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808,\nCVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830,\nCVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities\n(CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities\n(CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified\nvulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533,\nCVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620,\nCVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811,\nCVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities\n(CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626,\nCVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502,\nCVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593,\nCVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785,\nCVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability\n(CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities\n(CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified 
vulnerabilities\n(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability\n(CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability\n(CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities\n(CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability\n(CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability\n(CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability\n(CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2455\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/cve-2019-2481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2495\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2531\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2536\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2623\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/cve-2019-2624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2689\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2737\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2778\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2785\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/cve-2019-2789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2826\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2830\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2834\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-2969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-3003\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2819\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2800\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nappstreams = {\n 'mysql:8.0': [\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'s390x', 'release':'8'},\n {'reference':'mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'s390x', 'release':'8'},\n 
{'reference':'mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-common-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-common-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-common-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-debugsource-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-debugsource-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-debugsource-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-devel-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-devel-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-devel-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n 
{'reference':'mysql-errmsg-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-errmsg-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-errmsg-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-libs-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-libs-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-libs-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-server-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-server-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-server-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'},\n {'reference':'mysql-test-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'aarch64', 'release':'8'},\n {'reference':'mysql-test-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'s390x', 'release':'8'},\n {'reference':'mysql-test-8.0.17-3.module+el8.0.0+3898+e09bb8de', 'cpu':'x86_64', 'release':'8'}\n ],\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference 
= package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-debugsource / mecab-ipadic / etc');\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2022-05-13T14:45:38", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2511 advisory.\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019) (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2019) (CVE-2019-2434, CVE-2019-2455)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jan 2019) (CVE-2019-2436, CVE-2019-2531, CVE-2019-2534)\n\n - mysql: Server: PS unspecified vulnerability (CPU Jan 2019) (CVE-2019-2482)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2019) (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533)\n\n - mysql: 
Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2502, CVE-2019-2510)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503)\n\n - mysql: Server: Partition unspecified vulnerability (CPU Jan 2019) (CVE-2019-2528)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2019) (CVE-2019-2535)\n\n - mysql: Server: Packaging unspecified vulnerability (CPU Jan 2019) (CVE-2019-2536)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Jan 2019) (CVE-2019-2539)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2019) (CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627)\n\n - mysql: Server: Partition unspecified vulnerability (CPU Apr 2019) (CVE-2019-2587)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2019) (CVE-2019-2592)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635)\n\n - mysql: Server: Options unspecified vulnerability (CPU Apr 2019) (CVE-2019-2623, CVE-2019-2683)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2019) (CVE-2019-2626, CVE-2019-2644)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2019) (CVE-2019-2631)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2019) (CVE-2019-2636)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Apr 2019) 
(CVE-2019-2691)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)\n\n - mysql: Server: Compiling unspecified vulnerability (CPU Jul 2019) (CVE-2019-2738)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739, CVE-2019-2778, CVE-2019-2789, CVE-2019-2811)\n\n - mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2019) (CVE-2019-2752)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2019) (CVE-2019-2755, CVE-2019-2800)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2019) (CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2814, CVE-2019-2879)\n\n - mysql: Server: Components / Services unspecified vulnerability (CPU Jul 2019) (CVE-2019-2780)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2784)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Jul 2019) (CVE-2019-2795)\n\n - mysql: Client programs unspecified vulnerability (CPU Jul 2019) (CVE-2019-2797)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Jul 2019) (CVE-2019-2801)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2019) (CVE-2019-2819)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2019) (CVE-2019-2826)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2948, CVE-2019-2950)\n\n - mysql: Client programs unspecified vulnerability (CPU Oct 2019) (CVE-2019-2969)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-3003)\n\nNote that Nessus has not tested 
for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : mysql:8.0 (CESA-2019:2511)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2644", "CVE-2019-2681", "CVE-2019-2683", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2691", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-2948", "CVE-2019-2950", 
"CVE-2019-2969", "CVE-2019-3003"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:mecab", "p-cpe:/a:centos:centos:mecab-ipadic", "p-cpe:/a:centos:centos:mecab-ipadic-EUCJP", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:centos:centos:mysql-common", "p-cpe:/a:centos:centos:mysql-devel", "p-cpe:/a:centos:centos:mysql-errmsg", "p-cpe:/a:centos:centos:mysql-libs", "p-cpe:/a:centos:centos:mysql-server", "p-cpe:/a:centos:centos:mysql-test"], "id": "CENTOS8_RHSA-2019-2511.NASL", "href": "https://www.tenable.com/plugins/nessus/145612", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:2511. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145612);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-2420\",\n \"CVE-2019-2434\",\n \"CVE-2019-2436\",\n \"CVE-2019-2455\",\n \"CVE-2019-2481\",\n \"CVE-2019-2482\",\n \"CVE-2019-2486\",\n \"CVE-2019-2494\",\n \"CVE-2019-2495\",\n \"CVE-2019-2502\",\n \"CVE-2019-2503\",\n \"CVE-2019-2507\",\n \"CVE-2019-2510\",\n \"CVE-2019-2528\",\n \"CVE-2019-2529\",\n \"CVE-2019-2530\",\n \"CVE-2019-2531\",\n \"CVE-2019-2532\",\n \"CVE-2019-2533\",\n \"CVE-2019-2534\",\n \"CVE-2019-2535\",\n \"CVE-2019-2536\",\n \"CVE-2019-2537\",\n \"CVE-2019-2539\",\n \"CVE-2019-2580\",\n \"CVE-2019-2581\",\n \"CVE-2019-2584\",\n \"CVE-2019-2585\",\n \"CVE-2019-2587\",\n \"CVE-2019-2589\",\n \"CVE-2019-2592\",\n \"CVE-2019-2593\",\n \"CVE-2019-2596\",\n \"CVE-2019-2606\",\n \"CVE-2019-2607\",\n \"CVE-2019-2614\",\n \"CVE-2019-2617\",\n \"CVE-2019-2620\",\n \"CVE-2019-2623\",\n \"CVE-2019-2624\",\n \"CVE-2019-2625\",\n \"CVE-2019-2626\",\n \"CVE-2019-2627\",\n \"CVE-2019-2628\",\n \"CVE-2019-2630\",\n \"CVE-2019-2631\",\n \"CVE-2019-2634\",\n 
\"CVE-2019-2635\",\n \"CVE-2019-2636\",\n \"CVE-2019-2644\",\n \"CVE-2019-2681\",\n \"CVE-2019-2683\",\n \"CVE-2019-2685\",\n \"CVE-2019-2686\",\n \"CVE-2019-2687\",\n \"CVE-2019-2688\",\n \"CVE-2019-2689\",\n \"CVE-2019-2691\",\n \"CVE-2019-2693\",\n \"CVE-2019-2694\",\n \"CVE-2019-2695\",\n \"CVE-2019-2737\",\n \"CVE-2019-2738\",\n \"CVE-2019-2739\",\n \"CVE-2019-2740\",\n \"CVE-2019-2752\",\n \"CVE-2019-2755\",\n \"CVE-2019-2757\",\n \"CVE-2019-2758\",\n \"CVE-2019-2774\",\n \"CVE-2019-2778\",\n \"CVE-2019-2780\",\n \"CVE-2019-2784\",\n \"CVE-2019-2785\",\n \"CVE-2019-2789\",\n \"CVE-2019-2795\",\n \"CVE-2019-2796\",\n \"CVE-2019-2797\",\n \"CVE-2019-2798\",\n \"CVE-2019-2800\",\n \"CVE-2019-2801\",\n \"CVE-2019-2802\",\n \"CVE-2019-2803\",\n \"CVE-2019-2805\",\n \"CVE-2019-2808\",\n \"CVE-2019-2810\",\n \"CVE-2019-2811\",\n \"CVE-2019-2812\",\n \"CVE-2019-2814\",\n \"CVE-2019-2815\",\n \"CVE-2019-2819\",\n \"CVE-2019-2826\",\n \"CVE-2019-2830\",\n \"CVE-2019-2834\",\n \"CVE-2019-2879\",\n \"CVE-2019-2948\",\n \"CVE-2019-2950\",\n \"CVE-2019-2969\",\n \"CVE-2019-3003\"\n );\n script_bugtraq_id(\n 106619,\n 106622,\n 106625,\n 106626,\n 106627,\n 106628,\n 107913,\n 107924,\n 107927,\n 107928,\n 109243,\n 109247,\n 109259,\n 109260\n );\n script_xref(name:\"RHSA\", value:\"2019:2511\");\n\n script_name(english:\"CentOS 8 : mysql:8.0 (CESA-2019:2511)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:2511 advisory.\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019) (CVE-2019-2420, CVE-2019-2481,\n CVE-2019-2507, CVE-2019-2529, CVE-2019-2530)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2019) (CVE-2019-2434, CVE-2019-2455)\n\n - mysql: Server: Replication 
unspecified vulnerability (CPU Jan 2019) (CVE-2019-2436, CVE-2019-2531,\n CVE-2019-2534)\n\n - mysql: Server: PS unspecified vulnerability (CPU Jan 2019) (CVE-2019-2482)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2019) (CVE-2019-2486,\n CVE-2019-2532, CVE-2019-2533)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2502, CVE-2019-2510)\n\n - mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503)\n\n - mysql: Server: Partition unspecified vulnerability (CPU Jan 2019) (CVE-2019-2528)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jan 2019) (CVE-2019-2535)\n\n - mysql: Server: Packaging unspecified vulnerability (CPU Jan 2019) (CVE-2019-2536)\n\n - mysql: Server: Connection unspecified vulnerability (CPU Jan 2019) (CVE-2019-2539)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2580, CVE-2019-2585, CVE-2019-2593,\n CVE-2019-2624, CVE-2019-2628)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2019) (CVE-2019-2581, CVE-2019-2596,\n CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688,\n CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2584,\n CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627)\n\n - mysql: Server: Partition unspecified vulnerability (CPU Apr 2019) (CVE-2019-2587)\n\n - mysql: Server: PS unspecified vulnerability (CPU Apr 2019) (CVE-2019-2592)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614, CVE-2019-2617,\n CVE-2019-2630, CVE-2019-2634, CVE-2019-2635)\n\n - mysql: Server: Options unspecified vulnerability (CPU Apr 2019) (CVE-2019-2623, CVE-2019-2683)\n\n - mysql: Server: DDL unspecified vulnerability 
(CPU Apr 2019) (CVE-2019-2626, CVE-2019-2644)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2019) (CVE-2019-2631)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2019) (CVE-2019-2636)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Apr 2019) (CVE-2019-2691)\n\n - mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)\n\n - mysql: Server: Compiling unspecified vulnerability (CPU Jul 2019) (CVE-2019-2738)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739,\n CVE-2019-2778, CVE-2019-2789, CVE-2019-2811)\n\n - mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2019) (CVE-2019-2752)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jul 2019) (CVE-2019-2755, CVE-2019-2800)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2019) (CVE-2019-2757, CVE-2019-2774,\n CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815,\n CVE-2019-2830, CVE-2019-2834)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758, CVE-2019-2785, CVE-2019-2798,\n CVE-2019-2814, CVE-2019-2879)\n\n - mysql: Server: Components / Services unspecified vulnerability (CPU Jul 2019) (CVE-2019-2780)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2784)\n\n - mysql: Server: Charsets unspecified vulnerability (CPU Jul 2019) (CVE-2019-2795)\n\n - mysql: Client programs unspecified vulnerability (CPU Jul 2019) (CVE-2019-2797)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Jul 2019) (CVE-2019-2801)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)\n\n - mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2019) (CVE-2019-2819)\n\n - mysql: Server: Security: Roles unspecified vulnerability 
(CPU Jul 2019) (CVE-2019-2826)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2948, CVE-2019-2950)\n\n - mysql: Client programs unspecified vulnerability (CPU Oct 2019) (CVE-2019-2969)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-3003)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2511\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-2819\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-2800\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-test\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nappstreams = {\n 'mysql:8.0': [\n {'reference':'mecab-0.996-1.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-0.996-1.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.17-3.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.17-3.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.17-3.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'mysql-common-8.0.17-3.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.17-3.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.17-3.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.17-3.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.17-3.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.17-3.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.17-3.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.17-3.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.17-3.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.17-3.module_el8.0.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.17-3.module_el8.0.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n 
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-ipadic / mecab-ipadic-EUCJP / mysql / mysql-common / etc');\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "ibm": [{"lastseen": "2021-12-30T21:39:55", "description": "## Summary\n\nIBM Security Guardium has addressed the following vulnerabilities. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-2789](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2789>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 2.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2019-2784](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2784>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2740](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2740>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: XML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163804> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2785](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2785>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163848> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2741](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2741>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Audit Log component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163805> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2780](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2780>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Components / Services component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163843> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2819](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2819>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Audit component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact. 
\nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163881> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)\n\n**CVEID:** [CVE-2019-2814](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2814>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 2.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163876> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2019-2737](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2737>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server : Pluggable Auth component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163801> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2758](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2758>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact. 
\nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163822> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)\n\n**CVEID:** [CVE-2019-2879](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2879>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163938> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2739](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2739>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163803> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)\n\n**CVEID:** [CVE-2019-2815](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2815>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163877> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2738](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2738>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server : Compiling component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163802> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2755>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Replication component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163819> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2810](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2810>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163872> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2798](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2798>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163861> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2757>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163821> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2834](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2834>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163896> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2812](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2812>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163874> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2778](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2778>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2019-2811](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2811>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163873> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2795](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2795>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Charsets component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163858> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2830>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163892> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2797](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2797>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Client programs component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163860> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2796](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2796>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163859> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2752](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2752>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Options component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163816> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2774](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2774>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163837> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2730](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2730>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 2.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163795> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2019-2791](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2791>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Audit Plug-in component could allow an authenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N)\n\n#### \n\n**CVEID:** [CVE-2019-2808](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2808>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2803>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163866> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2802](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2802>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163865> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2805>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Parser component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163868> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2826](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2826>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Roles component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163888> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2801](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2801>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: FTS component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163864> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2800>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Replication component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact. 
\nCVSS Base Score: 7.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163863> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)\n\n**CVEID:** [CVE-2019-2822](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2822>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Shell: Admin / InnoDB Cluster component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163884> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected IBM Security Guardium **\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Security Guardium | 9.0 - 9.5 \nIBM Security Guardium | 10.0 - 10.6 \nIBM Security Guardium | 11.0 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**Remediation / First Fix** \n \n---|---|--- \nIBM Security Guardium | 9.0 - 9.5 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=9.0&platform=All&function=fixId&fixids=SqlGuard_9.0p776_SecurityUpdate_64-bit&includeSupersedes=0&source=fc \nIBM Security Guardium | 10.0 - 10.6 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p635_Bundle_Dec-24-2019&includeSupersedes=0&source=fc \nIBM Security Guardium | 11.0 | 
http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p12_Bundle_Nov-05-2019&includeSupersedes=0&source=fc \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nOctober 7, 2019: Original version published \nNovember 12, 2019: Second version published \n13 Jan 2020: Third publication \n\n\n*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Internal Use Only\n\n140186\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSMPHH\",\"label\":\"IBM Security Guardium\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"9.0 - 9.5, , 10.0-10.6, 11.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-01-13T20:01:33", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2730", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2791", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", 
"CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2822", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879"], "modified": "2020-01-13T20:01:33", "id": "17DD2FC3DAC01BFB1E2178DA47F25229A0CD3E9D0AEE278A3C16F19757719E13", "href": "https://www.ibm.com/support/pages/node/1078971", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nOracle reports:\n\nThis Critical Patch Update contains 45 new security fixes for\n\t Oracle MySQL. 4 of these vulnerabilities may be remotely exploitable\n\t without authentication, i.e., may be exploited over a network without\n\t requiring user credentials.\n\t \n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-07-16T00:00:00", "type": "freebsd", "title": "MySQL -- Multiple vulerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2730", "CVE-2019-2731", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", 
"CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2743", "CVE-2019-2746", "CVE-2019-2747", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2791", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2822", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-3822"], "modified": "2019-07-16T00:00:00", "id": "198E6220-AC8B-11E9-A1C7-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/198e6220-ac8b-11e9-a1c7-b499baebfeaf.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "photon": [{"lastseen": "2022-05-12T18:03:18", "description": "Updates of ['systemd', 'libmspack', 'patch', 'dracut', 'binutils', 'mysql'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0248", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": 
"2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10713", "CVE-2016-8637", "CVE-2018-18585", "CVE-2018-18586", "CVE-2018-20969", "CVE-2019-12972", "CVE-2019-13636", "CVE-2019-13638", "CVE-2019-14250", "CVE-2019-14444", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2743", "CVE-2019-2746", "CVE-2019-2747", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2791", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2822", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-6454"], "modified": "2019-08-19T00:00:00", "id": "PHSA-2019-0248", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-248", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-03T11:50:25", "description": "An update of {'libmspack', 'sysdig', 'patch', 'linux', 'mysql', 'dracut', 'linux-esx', 'systemd', 'binutils'} packages of Photon OS has been released. 
This kernel update fixes CVE-2019-1125, which is commonly known as the SWAPGS vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2019-08-19T00:00:00", "type": "photon", "title": "Lightwave - PHSA-2019-1.0-0248", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 9.4, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10713", "CVE-2016-8637", "CVE-2017-18509", "CVE-2018-18585", "CVE-2018-18586", "CVE-2018-20856", "CVE-2018-20969", "CVE-2019-1125", "CVE-2019-11487", "CVE-2019-12972", "CVE-2019-13636", "CVE-2019-13638", "CVE-2019-14250", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14444", "CVE-2019-15239", "CVE-2019-15926", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2743", "CVE-2019-2746", "CVE-2019-2747", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2791", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", 
"CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2822", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-6454", "CVE-2019-8339"], "modified": "2019-08-19T00:00:00", "id": "PHSA-2019-1.0-0248", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-248", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-30T06:24:35", "description": "mecab\n[0.996-1.9]\n- Release bump for rebuilding on new arches\n Related: #1518842\n[0.996-1.8]\n- skip %verify of /etc/opt/rh/rh-mysql57/mecabrc\n Resolves: #1382315\n[0.996-1.7]\n- Prefix library major number with SCL name in soname\n[0.996-1.6]\n- Require runtime package from the scl\n[0.996-1.5]\n- Convert to SCL package\n[0.996-1.4]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild\n[0.996-1.3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild\n[0.996-1.2]\n- Rebuilt for GCC 5 C++11 ABI change\n[0.996-1.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild\n[0.996-1.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild\nmecab-ipadic\n[2.7.0.20070801-16.0.1]\n- Rename the LICENSE.Fedora to LICENSE.oracle\n[2.7.0.20070801-16]\n- Rename the LICENSE.fedora to LICENSE.rhel\n[2.7.0.20070801-15]\n- Release bump for rebuilding on new arches\n Related: #1518842\n[2.7.0.20070801-14.1]\n- Require runtime package from the scl\n[2.7.0.20070801-13.1]\n- Convert to SCL package\n[2.7.0.20070801-12.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild\n[2.7.0.20070801-11.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild\n[2.7.0.20070801-10.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild\n[2.7.0.20070801-9.1]\n- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild\n[2.7.0.20070801-8.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild\n[2.7.0.20070801-7.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild\n[2.7.0.20070801-6.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild\n[2.7.0.20070801-5.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild\n[2.7.0.20070801-4.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild\n* Wed Jan 13 2010 Mamoru Tasaka \n- Fix URL for Source2\n[2.7.0.20070801-3]\n- F-12: Mass rebuild\n[2.7.0.20070801-2]\n- F-11: Mass rebuild\n[2.7.0.20070801.dist.1]\n- License update\n[2.7.0.20070801]\n- New release 2.7.0-20070801\n[2.7.0.20070610]\n- New release 2.7.0-20070610\n[2.7.0.20060707-2]\n- Fix typo\n[2.7.0.20060707-1]\n- Initial packaging, based on mecab-jumandic spec file\nmysql\n[8.0.17-3]\n- Use RELRO hardening on all binaries\n- Resolves: #1734420\n[8.0.17-2]\n- Use RELRO hardening on all binaries\n- Resolves: #1734420\n[8.0.17-1]\n- Rebase to 8.0.17\n- Resolves: #1732042\n- CVEs fixed:\n CVE-2019-2737 CVE-2019-2738 CVE-2019-2739 CVE-2019-2740 CVE-2019-2741\n CVE-2019-2743 CVE-2019-2746 CVE-2019-2747 CVE-2019-2752 CVE-2019-2755\n CVE-2019-2757 CVE-2019-2758 CVE-2019-2774 CVE-2019-2778 CVE-2019-2780\n CVE-2019-2784 CVE-2019-2785 CVE-2019-2789 CVE-2019-2791 CVE-2019-2795\n CVE-2019-2796 CVE-2019-2797 CVE-2019-2798 CVE-2019-2800 CVE-2019-2801\n CVE-2019-2802 CVE-2019-2803 CVE-2019-2805 CVE-2019-2808 CVE-2019-2810\n CVE-2019-2811 CVE-2019-2812 CVE-2019-2814 CVE-2019-2815 CVE-2019-2819\n CVE-2019-2822 CVE-2019-2826 CVE-2019-2830 CVE-2019-2834 CVE-2019-2879", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", 
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-19T00:00:00", "type": "oraclelinux", "title": "mysql:8.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2644", "CVE-2019-2681", "CVE-2019-2683", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2691", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2743", "CVE-2019-2746", "CVE-2019-2747", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", 
"CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2791", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2822", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879"], "modified": "2019-08-19T00:00:00", "id": "ELSA-2019-2511", "href": "http://linux.oracle.com/errata/ELSA-2019-2511.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2021-10-19T20:40:00", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.17).\n\nSecurity Fix(es):\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities 
(CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, 
a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 7.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.2}, "published": "2019-08-15T17:31:05", "type": "redhat", "title": "(RHSA-2019:2511) Important: mysql:8.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2634", 
"CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2644", "CVE-2019-2681", "CVE-2019-2683", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2691", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-2948", "CVE-2019-2950", "CVE-2019-2969", "CVE-2019-3003"], "modified": "2019-10-31T16:25:13", "id": "RHSA-2019:2511", "href": "https://access.redhat.com/errata/RHSA-2019:2511", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-10-19T20:36:25", "description": "MySQL is a multi-user, multi-threaded SQL database server. 
It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version: rh-mysql80-mysql (8.0.17).\n\nSecurity Fix(es):\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities 
(CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 7.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.2}, "published": "2019-08-14T06:35:35", "type": "redhat", "title": "(RHSA-2019:2484) Important: rh-mysql80-mysql security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2644", "CVE-2019-2681", "CVE-2019-2683", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2691", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2826", 
"CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-2948", "CVE-2019-2950", "CVE-2019-2969", "CVE-2019-3003"], "modified": "2019-10-31T16:25:11", "id": "RHSA-2019:2484", "href": "https://access.redhat.com/errata/RHSA-2019:2484", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "almalinux": [{"lastseen": "2022-05-12T14:57:54", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.17).\n\nSecurity Fix(es):\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities 
(CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", 
"privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2019-08-15T17:31:05", "type": "almalinux", "title": "Important: mysql:8.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2420", "CVE-2019-2434", "CVE-2019-2436", "CVE-2019-2455", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2486", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2507", "CVE-2019-2510", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2539", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2587", "CVE-2019-2589", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2596", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2614", "CVE-2019-2617", "CVE-2019-2620", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2644", "CVE-2019-2681", "CVE-2019-2683", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2691", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", 
"CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879"], "modified": "2019-08-15T17:31:05", "id": "ALSA-2019:2511", "href": "https://errata.almalinux.org/8/ALSA-2019-2511.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "oracle": [{"lastseen": "2021-06-08T18:48:58", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 319 new security fixes across the product families listed below. 
Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2559985.1>).\n\n** Please note that since the release of the April 2019 Critical Patch Update, Oracle has released two Security Alerts for Oracle WebLogic Server: [ CVE-2019-2725 (April 29, 2019)](<http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html>) and [ CVE-2019-2729 (June 18, 2019)](<http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html>). WebLogic Server customers are strongly advised to apply the fixes contained in this Critical Patch Update, which provides the fixes for the previously-released Alerts as well as additional fixes.**\n", "cvss3": {}, "published": "2019-07-16T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update - July 2019", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-2794", "CVE-2019-2853", "CVE-2019-2820", "CVE-2019-0220", "CVE-2018-19362", "CVE-2015-9251", "CVE-2019-2768", "CVE-2019-5598", "CVE-2019-2839", "CVE-2019-2484", "CVE-2019-2842", "CVE-2019-2793", "CVE-2019-12086", "CVE-2018-1000120", "CVE-2019-2867", "CVE-2019-2824", "CVE-2018-0732", "CVE-2019-2740", "CVE-2019-2818", "CVE-2016-7103", "CVE-2019-2743", "CVE-2018-11055", "CVE-2018-1000180", "CVE-2019-2672", "CVE-2018-1304", "CVE-2019-2855", "CVE-2018-17960", "CVE-2019-2795", "CVE-2019-2798", "CVE-2019-11358", "CVE-2019-2788", "CVE-2019-2825", "CVE-2019-0217", "CVE-2019-2802", "CVE-2019-2814", "CVE-2019-2811", "CVE-2015-0227", "CVE-2019-2878", "CVE-2019-2807", "CVE-2019-2784", "CVE-2018-1275", "CVE-2019-2856", "CVE-2019-2879", "CVE-2018-7489", "CVE-2018-19361", "CVE-2016-6306", "CVE-2019-2838", "CVE-2019-2770", "CVE-2019-2785", "CVE-2019-2762", "CVE-2016-2183", "CVE-2019-2799", "CVE-2018-0734", "CVE-2019-2817", "CVE-2018-5407", 
"CVE-2019-0190", "CVE-2019-2736", "CVE-2016-9878", "CVE-2017-3735", "CVE-2019-2781", "CVE-2019-7317", "CVE-2018-15756", "CVE-2018-1271", "CVE-2018-14719", "CVE-2016-3473", "CVE-2019-2599", "CVE-2019-3823", "CVE-2019-6129", "CVE-2019-2764", "CVE-2018-1000121", "CVE-2019-2808", "CVE-2019-2833", "CVE-2019-2749", "CVE-2018-11039", "CVE-2019-2731", "CVE-2019-2758", "CVE-2019-2845", "CVE-2019-2816", "CVE-2019-2761", "CVE-2019-2850", "CVE-2019-2830", "CVE-2019-2847", "CVE-2018-11307", "CVE-2019-0192", "CVE-2019-0211", "CVE-2018-14720", "CVE-2019-2805", "CVE-2019-2854", "CVE-2019-2782", "CVE-2019-2810", "CVE-2018-18311", "CVE-2019-2748", "CVE-2019-2754", "CVE-2019-2778", "CVE-2019-2852", "CVE-2019-2826", "CVE-2019-2862", "CVE-2019-2789", "CVE-2019-2759", "CVE-2016-0701", "CVE-2019-0232", "CVE-2017-3737", "CVE-2019-2732", "CVE-2019-2745", "CVE-2019-12814", "CVE-2019-2860", "CVE-2019-2737", "CVE-2019-2777", "CVE-2018-12022", "CVE-2019-2877", "CVE-2016-1182", "CVE-2018-1258", "CVE-2019-2837", "CVE-2019-0199", "CVE-2019-2841", "CVE-2019-2776", "CVE-2018-1000122", "CVE-2019-2730", "CVE-2018-1305", "CVE-2019-2666", "CVE-2019-2763", "CVE-2019-2846", "CVE-2019-2790", "CVE-2019-2848", "CVE-2018-11057", "CVE-2015-0226", "CVE-2018-16890", "CVE-2019-1543", "CVE-2016-8610", "CVE-2019-2733", "CVE-2019-2752", "CVE-2018-1000873", "CVE-2018-11056", "CVE-2018-11775", "CVE-2018-0735", "CVE-2017-5647", "CVE-2019-2829", "CVE-2019-2751", "CVE-2018-1257", "CVE-2017-5715", "CVE-2019-2738", "CVE-2018-14721", "CVE-2019-2803", "CVE-2019-2767", "CVE-2019-2775", "CVE-2019-2727", "CVE-2016-6497", "CVE-2019-2668", "CVE-2018-3111", "CVE-2014-0114", "CVE-2019-2823", "CVE-2018-3315", "CVE-2019-0215", "CVE-2019-2821", "CVE-2019-5597", "CVE-2018-0739", "CVE-2019-2771", "CVE-2019-2843", "CVE-2019-2861", "CVE-2018-8034", "CVE-2018-15769", "CVE-2019-2757", "CVE-2019-2831", "CVE-2019-2865", "CVE-2019-2815", "CVE-2019-2796", "CVE-2018-1000613", "CVE-2016-9572", "CVE-2019-0197", "CVE-2019-2747", "CVE-2019-2739", 
"CVE-2019-2797", "CVE-2018-8013", "CVE-2019-2866", "CVE-2019-2769", "CVE-2019-0196", "CVE-2018-1272", "CVE-2019-2741", "CVE-2017-7525", "CVE-2019-2840", "CVE-2019-2835", "CVE-2019-2783", "CVE-2017-3164", "CVE-2018-1270", "CVE-2019-2809", "CVE-2019-2728", "CVE-2017-5664", "CVE-2019-2772", "CVE-2019-2791", "CVE-2016-5007", "CVE-2019-2875", "CVE-2019-2760", "CVE-2018-19360", "CVE-2018-0733", "CVE-2018-17199", "CVE-2016-1181", "CVE-2019-2792", "CVE-2019-2774", "CVE-2019-2812", "CVE-2016-8735", "CVE-2019-2836", "CVE-2018-17189", "CVE-2019-2859", "CVE-2017-14735", "CVE-2017-3738", "CVE-2019-2750", "CVE-2019-0222", "CVE-2019-2779", "CVE-2019-2766", "CVE-2019-2804", "CVE-2019-2871", "CVE-2018-11058", "CVE-2019-2744", "CVE-2019-2725", "CVE-2019-2746", "CVE-2019-2868", "CVE-2019-1559", "CVE-2018-3316", "CVE-2018-17197", "CVE-2018-11784", "CVE-2017-5645", "CVE-2019-2800", "CVE-2019-3822", "CVE-2019-2569", "CVE-2019-2870", "CVE-2019-2873", "CVE-2019-2827", "CVE-2019-2735", "CVE-2017-3736", "CVE-2019-2813", "CVE-2019-2864", "CVE-2019-2828", "CVE-2019-2869", "CVE-2019-2780", "CVE-2019-2834", "CVE-2018-0737", "CVE-2019-2742", "CVE-2019-2844", "CVE-2019-2786", "CVE-2019-2876", "CVE-2019-2822", "CVE-2018-2883", "CVE-2019-2819", "CVE-2017-15095", "CVE-2018-11040", "CVE-2019-2561", "CVE-2019-2858", "CVE-2019-2755", "CVE-2018-11054", "CVE-2019-2801", "CVE-2016-6814", "CVE-2018-9861", "CVE-2019-2857", "CVE-2016-1000031", "CVE-2018-1000301", "CVE-2019-2874", "CVE-2019-2753", "CVE-2019-2756", "CVE-2018-12023", "CVE-2019-2787", "CVE-2018-8039", "CVE-2019-2773", "CVE-2019-2729", "CVE-2019-2863", "CVE-2019-2832"], "modified": "2019-08-16T00:00:00", "id": "ORACLE:CPUJUL2019-5072835", "href": "https://www.oracle.com/security-alerts/cpujul2019.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T15:44:21", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. 
Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 319 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2559985.1>).\n\n** Please note that since the release of the April 2019 Critical Patch Update, Oracle has released two Security Alerts for Oracle WebLogic Server: CVE-2019-2725 (April 29, 2019) and CVE-2019-2729 (June 18, 2019). 
WebLogic Server customers are strongly advised to apply the fixes contained in this Critical Patch Update, which provides the fixes for the previously-released Alerts as well as additional fixes.**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2019-07-16T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2019", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114", "CVE-2015-0226", "CVE-2015-0227", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2183", "CVE-2016-3473", "CVE-2016-5007", "CVE-2016-6306", "CVE-2016-6497", "CVE-2016-6814", "CVE-2016-7103", "CVE-2016-8610", "CVE-2016-8735", "CVE-2016-9572", "CVE-2016-9878", "CVE-2017-14735", "CVE-2017-15095", "CVE-2017-3164", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-5645", "CVE-2017-5647", "CVE-2017-5664", "CVE-2017-5715", "CVE-2017-7525", "CVE-2018-0732", "CVE-2018-0733", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000180", 
"CVE-2018-1000301", "CVE-2018-1000613", "CVE-2018-1000873", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-16890", "CVE-2018-17189", "CVE-2018-17197", "CVE-2018-17199", "CVE-2018-17960", "CVE-2018-18311", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-2883", "CVE-2018-3111", "CVE-2018-3315", "CVE-2018-3316", "CVE-2018-5407", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-8034", "CVE-2018-8039", "CVE-2018-9861", "CVE-2019-0190", "CVE-2019-0192", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0199", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0222", "CVE-2019-0232", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12814", "CVE-2019-1543", "CVE-2019-1559", "CVE-2019-2484", "CVE-2019-2561", "CVE-2019-2569", "CVE-2019-2599", "CVE-2019-2666", "CVE-2019-2668", "CVE-2019-2672", "CVE-2019-2725", "CVE-2019-2727", "CVE-2019-2728", "CVE-2019-2729", "CVE-2019-2730", "CVE-2019-2731", "CVE-2019-2732", "CVE-2019-2733", "CVE-2019-2735", "CVE-2019-2736", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2742", "CVE-2019-2743", "CVE-2019-2744", "CVE-2019-2745", "CVE-2019-2746", "CVE-2019-2747", "CVE-2019-2748", "CVE-2019-2749", "CVE-2019-2750", "CVE-2019-2751", "CVE-2019-2752", "CVE-2019-2753", "CVE-2019-2754", "CVE-2019-2755", "CVE-2019-2756", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2759", "CVE-2019-2760", "CVE-2019-2761", "CVE-2019-2762", "CVE-2019-2763", "CVE-2019-2764", "CVE-2019-2766", "CVE-2019-2767", "CVE-2019-2768", "CVE-2019-2769", "CVE-2019-2770", "CVE-2019-2771", "CVE-2019-2772", 
"CVE-2019-2773", "CVE-2019-2774", "CVE-2019-2775", "CVE-2019-2776", "CVE-2019-2777", "CVE-2019-2778", "CVE-2019-2779", "CVE-2019-2780", "CVE-2019-2781", "CVE-2019-2782", "CVE-2019-2783", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2786", "CVE-2019-2787", "CVE-2019-2788", "CVE-2019-2789", "CVE-2019-2790", "CVE-2019-2791", "CVE-2019-2792", "CVE-2019-2793", "CVE-2019-2794", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2799", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2804", "CVE-2019-2805", "CVE-2019-2807", "CVE-2019-2808", "CVE-2019-2809", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2813", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2816", "CVE-2019-2817", "CVE-2019-2818", "CVE-2019-2819", "CVE-2019-2820", "CVE-2019-2821", "CVE-2019-2822", "CVE-2019-2823", "CVE-2019-2824", "CVE-2019-2825", "CVE-2019-2826", "CVE-2019-2827", "CVE-2019-2828", "CVE-2019-2829", "CVE-2019-2830", "CVE-2019-2831", "CVE-2019-2832", "CVE-2019-2833", "CVE-2019-2834", "CVE-2019-2835", "CVE-2019-2836", "CVE-2019-2837", "CVE-2019-2838", "CVE-2019-2839", "CVE-2019-2840", "CVE-2019-2841", "CVE-2019-2842", "CVE-2019-2843", "CVE-2019-2844", "CVE-2019-2845", "CVE-2019-2846", "CVE-2019-2847", "CVE-2019-2848", "CVE-2019-2850", "CVE-2019-2852", "CVE-2019-2853", "CVE-2019-2854", "CVE-2019-2855", "CVE-2019-2856", "CVE-2019-2857", "CVE-2019-2858", "CVE-2019-2859", "CVE-2019-2860", "CVE-2019-2861", "CVE-2019-2862", "CVE-2019-2863", "CVE-2019-2864", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2867", "CVE-2019-2868", "CVE-2019-2869", "CVE-2019-2870", "CVE-2019-2871", "CVE-2019-2873", "CVE-2019-2874", "CVE-2019-2875", "CVE-2019-2876", "CVE-2019-2877", "CVE-2019-2878", "CVE-2019-2879", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-5597", "CVE-2019-5598", "CVE-2019-6129", "CVE-2019-7317"], "modified": "2020-10-12T00:00:00", "id": "ORACLE:CPUJUL2019", "href": "https://www.oracle.com/security-alerts/cpujul2019.html", "cvss": {"score": 
9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}