PT-2026-3715

Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 8.0.0 through 8.0.44 Oracle MySQL versions 8.4.0 through 8.4.7 Oracle MySQL versions 9.0.0 through 9.5.0 Description An issue exists in the Server: Optimizer component of Oracle MySQL Server. The problem is related to...

Oracle MySQL security vulnerabilities

Oracle MySQL is an open-source relational database management system developed by Oracle Corporation in the United States. The MySQL Server is one of the database server components of Oracle MySQL. There were security vulnerabilities in the MySQL Server versions 9.0.0 to 9.5.0 of Oracle MySQL...

MiracleLinux 9 : mysql-8.0.30-3.el9.ML.1 (AXSA:2022-4334:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4334:03 advisory. mysql: Server: Optimizer multiple unspecified vulnerabilities CPU Apr 2022 CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436,...

MiracleLinux 8 : mariadb-connector-c-3.1.11-2.el8 (AXSA:2021-1464:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1464:01 advisory. mysql: C API unspecified vulnerability CPU Apr 2020 CVE-2020-2752 mysql: C API unspecified vulnerability CPU Apr 2020 CVE-2020-2922...

MiracleLinux 8 : mysql:8.0 (AXSA:2023-6211:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6211:01 advisory. mysql: Server: Security: Privileges unspecified vulnerability CPU Apr 2023 CVE-2023-21912 mysql: Server: Optimizer unspecified vulnerability CPU Oct...

Fedora 42 : mysql8.0 (2026-f9c97702ca)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f9c97702ca advisory. MySQL 8.0.44 Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-44.html Tenable has extracted the preceding description block directly...

Fedora 42 : mysql8.4 (2026-942d35ff10)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-942d35ff10 advisory. MySQL 8.4.7 Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-7.html Tenable has extracted the preceding description block...

MiracleLinux 7 : php-5.4.16-48.0.5.el7.AXS7 (AXSA:2025-9709:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9709:01 advisory. CVE-2024-8929: fix various heap buffer over-reads CVEs: CVE-2024-8929 In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile...

PT-2026-3679

Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 9.0.0 through 9.5.0 Description A flaw exists in the MySQL Server component, specifically the Parser. A low-privileged attacker with network access can exploit this issue through multiple protocols to cause a...

MiracleLinux 7 : rh-mysql80-mysql-8.0.17-1.el7 (AXSA:2020-4497:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4497:03 advisory. mysql: Server: Replication multiple unspecified vulnerabilities CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614,...

MiracleLinux 9 : python3.11-PyMySQL-1.0.2-2.el9 (AXSA:2024-9378:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9378:02 advisory. python-pymysql: SQL injection if used with untrusted JSON input CVE-2024-36039 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : mysql-8.0.36-1.el9_3.ML.1 (AXSA:2024-7606:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7606:01 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2023 CVE-2023-21911 mysql: Server: DDL unspecified vulnerability CPU Apr 2023 CVE-2023-21919,...

MiracleLinux 8 : python3.11-PyMySQL-1.0.2-2.el8_10 (AXSA:2024-8537:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8537:01 advisory. python-pymysql: SQL injection if used with untrusted JSON input CVE-2024-36039 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : rh-mariadb103-galera-25.3.35-1.el7, rh-mariadb103-mariadb-10.3.35-1.el7 (AXSA:2022-3784:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3784:01 advisory. mariadb: MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint use-after-free when the BIGINT data type is used CVE-2021-46669 mysq...

MiracleLinux 9 : mysql-8.0.32-1.el9.ML.1 (AXSA:2023-6090:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6090:01 advisory. mysql: Server: Security: Privileges unspecified vulnerability CPU Apr 2023 CVE-2023-21912 mysql: Server: Optimizer unspecified vulnerability CPU Oct...

MiracleLinux 8 : mysql:8.0 (AXSA:2024-7561:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7561:01 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2023 CVE-2023-21911 mysql: Server: DDL unspecified vulnerability CPU Apr 2023 CVE-2023-21919,...

MiracleLinux 9 : mysql-8.0.41-2.el9_5.ML.1 (AXSA:2025-9701:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9701:03 advisory. openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date parser overread...

MiracleLinux 8 : mysql:8.0 (AXSA:2021-2443:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2443:01 advisory. mysql: Server: Stored Procedure multiple vulnerabilities CVE-2020-14672, CVE-2021-2046, CVE-2021-2072, CVE-2021-2081, CVE-2021-2215, CVE-2021-2217,...

MiracleLinux 8 : mysql:8.0 (AXSA:2020-844:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-844:01 advisory. mysql: Server: Security: Privileges multiple unspecified vulnerabilities CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the application to hang or crash repeatedly by sending crafted requests over multiple protocols with high privileges. Remediation...