A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

According to the versions of the zstd package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the     command line tool to cause buffer overrun. (CVE-2022-4899)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the zstd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the     command line tool to cause buffer overrun. (CVE-2022-4899)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-9ccff0b1b7 advisory.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are     affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with     network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL     Server. (CVE-2023-21911)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions     that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker     with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-21919, CVE-2023-21933)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported     versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions     that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker     with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server     accessible data. (CVE-2023-21929)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).
    Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server. (CVE-2023-21940, CVE-2023-21947)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported     versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-21946)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported     versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-21953, CVE-2023-21955)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).
    Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server. (CVE-2023-21962)

  - A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the     command line tool to cause buffer overrun. (CVE-2022-4899)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported     versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22005)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are     affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with     network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL     Server. (CVE-2023-22008)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are     affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with     network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL     Server. (CVE-2023-22033)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
    Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL     Server accessible data. (CVE-2023-22038)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported     versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported     versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
    (CVE-2023-22048)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions     that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible     data. (CVE-2023-22053)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported     versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22057)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions     that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker     with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22058)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a9283d639f advisory.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are     affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with     network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL     Server. (CVE-2023-21911)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions     that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker     with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-21919, CVE-2023-21933)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported     versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions     that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker     with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server     accessible data. (CVE-2023-21929)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).
    Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server. (CVE-2023-21940, CVE-2023-21947)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported     versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-21946)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported     versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-21953, CVE-2023-21955)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).
    Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server. (CVE-2023-21962)

  - A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the     command line tool to cause buffer overrun. (CVE-2022-4899)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported     versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22005)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are     affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with     network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL     Server. (CVE-2023-22008)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are     affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with     network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL     Server. (CVE-2023-22033)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
    Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL     Server accessible data. (CVE-2023-22038)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported     versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported     versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
    (CVE-2023-22048)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions     that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible     data. (CVE-2023-22053)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported     versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22057)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions     that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker     with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22058)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-492105ed08 advisory.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are     affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with     network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL     Server. (CVE-2023-21911)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions     that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker     with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-21919, CVE-2023-21933)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported     versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions     that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker     with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server     accessible data. (CVE-2023-21929)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).
    Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server. (CVE-2023-21940, CVE-2023-21947)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported     versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-21946)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported     versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-21953, CVE-2023-21955)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).
    Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server. (CVE-2023-21962)

  - A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the     command line tool to cause buffer overrun. (CVE-2022-4899)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported     versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22005)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are     affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with     network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL     Server. (CVE-2023-22008)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are     affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with     network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL     Server. (CVE-2023-22033)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
    Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL     Server accessible data. (CVE-2023-22038)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported     versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported     versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
    (CVE-2023-22048)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions     that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible     data. (CVE-2023-22053)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported     versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22057)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions     that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker     with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22058)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 759a5599-3ce8-11ee-a0d1-84a93843eb75 advisory.

  - A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the     command line tool to cause buffer overrun. (CVE-2022-4899)

  - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This     side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a     Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large     amount of specially crafted messages to the vulnerable server. By recovering the secret from the     ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that     connection. (CVE-2023-0361)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported     versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-21950)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported     versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22005)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported     versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability     allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently     repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22007)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are     affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with     network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL     Server. (CVE-2023-22008)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are     affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with     network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL     Server. (CVE-2023-22033)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
    Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL     Server accessible data. (CVE-2023-22038)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported     versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported     versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
    (CVE-2023-22048)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions     that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible     data. (CVE-2023-22053)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported     versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22057)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions     that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker     with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2023-22058)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-244 advisory.

  - A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the     command line tool to cause buffer overrun. (CVE-2022-4899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of zstd installed on the remote host is prior to 1.5.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2140 advisory.

  - A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the     command line tool to cause buffer overrun. (CVE-2022-4899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported     versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks     require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result     in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-2650)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling (Zstandard)).
    Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     MySQL Server. (CVE-2022-4899)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are     affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network     access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in     unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22008)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1688-1 advisory.

  - A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the     command line tool to cause buffer overrun. (CVE-2022-4899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-7fd02c2367 advisory.

  - buffer overrun in util.c [fedora-all] (CVE-2022-4899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-d451c1919f advisory.

  - buffer overrun in util.c [fedora-all] (CVE-2022-4899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-af177441a9 advisory.

  - buffer overrun in util.c [fedora-all] (CVE-2022-4899)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
191718	AlmaLinux 9 : mysql (ALSA-2024:1141)	Nessus	Alma Linux Local Security Checks	high
191673	Oracle Linux 9 : mysql (ELSA-2024-1141)	Nessus	Oracle Linux Local Security Checks	high
191573	RHEL 9 : mysql (RHSA-2024:1141)	Nessus	Red Hat Local Security Checks	high
190901	AlmaLinux 8 : mysql:8.0 (ALSA-2024:0894)	Nessus	Alma Linux Local Security Checks	high
190885	Oracle Linux 8 : mysql:8.0 (ELSA-2024-0894)	Nessus	Oracle Linux Local Security Checks	high
190767	RHEL 8 : mysql:8.0 (RHSA-2024:0894)	Nessus	Red Hat Local Security Checks	high
188552	EulerOS Virtualization 2.11.0 : zstd (EulerOS-SA-2023-3388)	Nessus	Huawei Local Security Checks	high
188507	EulerOS Virtualization 2.11.1 : zstd (EulerOS-SA-2023-3370)	Nessus	Huawei Local Security Checks	high
188273	EulerOS 2.0 SP11 : zstd (EulerOS-SA-2023-3023)	Nessus	Huawei Local Security Checks	high
188264	EulerOS 2.0 SP11 : zstd (EulerOS-SA-2023-3046)	Nessus	Huawei Local Security Checks	high
185236	Fedora 39 : community-mysql (2023-9ccff0b1b7)	Nessus	Fedora Local Security Checks	medium
181491	Fedora 37 : community-mysql (2023-a9283d639f)	Nessus	Fedora Local Security Checks	medium
181486	Fedora 38 : community-mysql (2023-492105ed08)	Nessus	Fedora Local Security Checks	medium
179945	FreeBSD : MySQL -- Multiple vulnerabilities (759a5599-3ce8-11ee-a0d1-84a93843eb75)	Nessus	FreeBSD Local Security Checks	high
178614	Amazon Linux 2023 : libzstd, libzstd-devel, libzstd-static (ALAS2023-2023-244)	Nessus	Amazon Linux Local Security Checks	high
178559	Amazon Linux 2 : zstd (ALAS-2023-2140)	Nessus	Amazon Linux Local Security Checks	high
178471	Oracle MySQL Server 8.0.x < 8.0.34 (October 2023 CPU)	Nessus	Databases	medium
173701	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : zstd (SUSE-SU-2023:1688-1)	Nessus	SuSE Local Security Checks	high
173671	Fedora 37 : mingw-zstd (2023-7fd02c2367)	Nessus	Fedora Local Security Checks	high
173664	Fedora 38 : mingw-zstd (2023-d451c1919f)	Nessus	Fedora Local Security Checks	high
173658	Fedora 36 : mingw-zstd (2023-af177441a9)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2022-4899

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

medium

medium

medium

high

high

high

medium

high

high

high

high