Detections
Analytics
RHEL 8 : mysql:8.0 (RHSA-2020:3757)
high Nessus Plugin ID 140599
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3757 advisory.- mysql: Information Schema unspecified vulnerability (CPU Oct 2019) (CVE-2019-2911)
- mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) (CVE-2019-2914, CVE-2019-2957)
- mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018)
- mysql: Server: PS unspecified vulnerability (CPU Oct 2019) (CVE-2019-2946)
- mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) (CVE-2019-2960)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998)
- mysql: Server: C API unspecified vulnerability (CPU Oct 2019) (CVE-2019-2993, CVE-2019-3011)
- mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) (CVE-2019-2997)
- mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) (CVE-2019-3004)
- mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) (CVE-2019-3009)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) (CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)
- mysql: Server: DML unspecified vulnerability (CPU Jul 2020) (CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)
- mysql: C API unspecified vulnerability (CPU Jul 2020) (CVE-2020-14550)
- mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) (CVE-2020-14553)
- mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) (CVE-2020-14559)
- mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) (CVE-2020-14567)
- mysql: InnoDB unspecified vulnerability (CPU Jul 2020) (CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)
- mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) (CVE-2020-14576)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) (CVE-2020-14586, CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-14702)
- mysql: Server: Parser unspecified vulnerability (CPU Jul 2020) (CVE-2020-14619)
- mysql: Server: JSON unspecified vulnerability (CPU Jul 2020) (CVE-2020-14624)
- mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) (CVE-2020-14631)
- mysql: Server: Options unspecified vulnerability (CPU Jul 2020) (CVE-2020-14632)
- mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)
- mysql: Server: Locking unspecified vulnerability (CPU Jul 2020) (CVE-2020-14656)
- mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2020) (CVE-2020-14799)
- mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2020) (CVE-2020-2577, CVE-2020-2589)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) (CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686)
- mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) (CVE-2020-2580)
- mysql: Server: Options unspecified vulnerability (CPU Jan 2020) (CVE-2020-2584)
- mysql: Server: DML unspecified vulnerability (CPU Jan 2020) (CVE-2020-2588)
- mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) (CVE-2020-2627)
- mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) (CVE-2020-2694)
- mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)
- mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) (CVE-2020-2759, CVE-2020-2763)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) (CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853)
- mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) (CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928)
- mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) (CVE-2020-2770)
- mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)
- mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) (CVE-2020-2804)
- mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)
- mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) (CVE-2020-2896)
- mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) (CVE-2020-2898)
- mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) (CVE-2020-2903)
- mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2020) (CVE-2020-2921)
- mysql: Server: PS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2925)
- mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) (CVE-2020-2926)
- mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) (CVE-2020-2930)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2021) (CVE-2021-1998, CVE-2021-2016, CVE-2021-2020)
- mysql: C API unspecified vulnerability (CPU Jan 2021) (CVE-2021-2006, CVE-2021-2007)
- mysql: Server: Security: Roles unspecified vulnerability (CPU Jan 2021) (CVE-2021-2009)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2021) (CVE-2021-2012, CVE-2021-2019)
- mysql: Server: Parser unspecified vulnerability (CPU Apr 2021) (CVE-2021-2144)
- mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021) (CVE-2021-2160)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://access.redhat.com/security/cve/CVE-2019-2911
https://access.redhat.com/security/cve/CVE-2019-2914
https://access.redhat.com/security/cve/CVE-2019-2938
https://access.redhat.com/security/cve/CVE-2019-2946
https://access.redhat.com/security/cve/CVE-2019-2957
https://access.redhat.com/security/cve/CVE-2019-2960
https://access.redhat.com/security/cve/CVE-2019-2963
https://access.redhat.com/security/cve/CVE-2019-2966
https://access.redhat.com/security/cve/CVE-2019-2967
https://access.redhat.com/security/cve/CVE-2019-2968
https://access.redhat.com/security/cve/CVE-2019-2974
https://access.redhat.com/security/cve/CVE-2020-2763
https://access.redhat.com/security/cve/CVE-2020-2765
https://access.redhat.com/security/cve/CVE-2020-2770
https://access.redhat.com/security/cve/CVE-2020-2774
https://access.redhat.com/security/cve/CVE-2020-2779
https://access.redhat.com/security/cve/CVE-2020-2780
https://access.redhat.com/security/cve/CVE-2020-2804
https://access.redhat.com/security/cve/CVE-2020-2812
https://access.redhat.com/security/cve/CVE-2020-2814
https://access.redhat.com/security/cve/CVE-2020-2853
https://access.redhat.com/security/cve/CVE-2020-2892
https://access.redhat.com/security/cve/CVE-2020-2893
https://access.redhat.com/security/cve/CVE-2020-2895
https://access.redhat.com/security/cve/CVE-2020-2896
https://access.redhat.com/security/cve/CVE-2020-2897
https://access.redhat.com/security/cve/CVE-2020-2898
https://access.redhat.com/security/cve/CVE-2020-2901
https://access.redhat.com/security/cve/CVE-2020-2903
https://access.redhat.com/security/cve/CVE-2020-2904
https://access.redhat.com/security/cve/CVE-2020-2921
https://access.redhat.com/security/cve/CVE-2020-2922
https://access.redhat.com/security/cve/CVE-2020-2923
https://access.redhat.com/security/cve/CVE-2020-2924
https://access.redhat.com/security/cve/CVE-2020-2925
https://access.redhat.com/security/cve/CVE-2020-2926
https://access.redhat.com/security/cve/CVE-2020-2928
https://access.redhat.com/security/cve/CVE-2020-2930
https://access.redhat.com/security/cve/CVE-2020-14539
https://access.redhat.com/security/cve/CVE-2020-14799
https://access.redhat.com/security/cve/CVE-2021-1998
https://access.redhat.com/security/cve/CVE-2021-2006
https://access.redhat.com/security/cve/CVE-2021-2007
https://access.redhat.com/security/cve/CVE-2021-2009
https://access.redhat.com/security/cve/CVE-2021-2012
https://access.redhat.com/security/cve/CVE-2021-2016
https://access.redhat.com/security/cve/CVE-2021-2019
https://access.redhat.com/security/cve/CVE-2021-2020
https://access.redhat.com/security/cve/CVE-2021-2144
https://access.redhat.com/security/cve/CVE-2021-2160
https://access.redhat.com/errata/RHSA-2020:3757
https://bugzilla.redhat.com/1764675
https://bugzilla.redhat.com/1764676
https://bugzilla.redhat.com/1764680
https://bugzilla.redhat.com/1764681
https://bugzilla.redhat.com/1764684
https://bugzilla.redhat.com/1764685
https://bugzilla.redhat.com/1830054
https://bugzilla.redhat.com/1830055
https://bugzilla.redhat.com/1830056
https://bugzilla.redhat.com/1830058
https://bugzilla.redhat.com/1830059
https://bugzilla.redhat.com/1830060
https://bugzilla.redhat.com/1830061
https://bugzilla.redhat.com/1830062
https://bugzilla.redhat.com/1830064
https://bugzilla.redhat.com/1830066
https://bugzilla.redhat.com/1830067
https://bugzilla.redhat.com/1830068
https://bugzilla.redhat.com/1830069
https://bugzilla.redhat.com/1830070
https://bugzilla.redhat.com/1830071
https://bugzilla.redhat.com/1830072
https://bugzilla.redhat.com/1830073
https://bugzilla.redhat.com/1830074
https://bugzilla.redhat.com/1830075
https://bugzilla.redhat.com/1830076
https://bugzilla.redhat.com/1830077
https://bugzilla.redhat.com/1830078
https://bugzilla.redhat.com/1830079
https://bugzilla.redhat.com/1830082
https://bugzilla.redhat.com/1835849
https://bugzilla.redhat.com/1835850
https://bugzilla.redhat.com/1865945
https://bugzilla.redhat.com/1865947
https://bugzilla.redhat.com/1865948
https://bugzilla.redhat.com/1865949
https://bugzilla.redhat.com/1865950
https://bugzilla.redhat.com/1865951
https://bugzilla.redhat.com/1865952
https://bugzilla.redhat.com/1865953
https://bugzilla.redhat.com/1865954
https://bugzilla.redhat.com/1865955
https://bugzilla.redhat.com/1865956
https://bugzilla.redhat.com/1865958
https://bugzilla.redhat.com/1865959
https://bugzilla.redhat.com/1865960
https://bugzilla.redhat.com/1865961
https://bugzilla.redhat.com/1865962
https://bugzilla.redhat.com/1865963
https://bugzilla.redhat.com/1865964
https://bugzilla.redhat.com/1865965
https://bugzilla.redhat.com/1865966
https://bugzilla.redhat.com/1865967
https://bugzilla.redhat.com/1865968
https://bugzilla.redhat.com/1865969
https://bugzilla.redhat.com/1865970
https://bugzilla.redhat.com/1865971
https://bugzilla.redhat.com/1865972
https://bugzilla.redhat.com/1865973
https://bugzilla.redhat.com/1865974
https://bugzilla.redhat.com/1865975
https://bugzilla.redhat.com/1865976
https://bugzilla.redhat.com/1865977
https://bugzilla.redhat.com/1865982
https://bugzilla.redhat.com/1890752
https://bugzilla.redhat.com/1922378
https://bugzilla.redhat.com/1922381
https://bugzilla.redhat.com/1922382
https://bugzilla.redhat.com/1922386
https://bugzilla.redhat.com/1922387
https://bugzilla.redhat.com/1922420
https://bugzilla.redhat.com/1922422
https://bugzilla.redhat.com/1922424
https://bugzilla.redhat.com/1951749
https://bugzilla.redhat.com/1952806
https://access.redhat.com/security/cve/CVE-2019-2982
https://access.redhat.com/security/cve/CVE-2019-2991
https://access.redhat.com/security/cve/CVE-2019-2993
https://access.redhat.com/security/cve/CVE-2019-2997
https://access.redhat.com/security/cve/CVE-2019-2998
https://access.redhat.com/security/cve/CVE-2019-3004
https://access.redhat.com/security/cve/CVE-2019-3009
https://access.redhat.com/security/cve/CVE-2019-3011
https://access.redhat.com/security/cve/CVE-2019-3018
https://access.redhat.com/security/cve/CVE-2020-2570
https://access.redhat.com/security/cve/CVE-2020-2573
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2577
https://access.redhat.com/security/cve/CVE-2020-2579
https://access.redhat.com/security/cve/CVE-2020-2580
https://access.redhat.com/security/cve/CVE-2020-2584
https://access.redhat.com/security/cve/CVE-2020-2588
https://access.redhat.com/security/cve/CVE-2020-2589
https://access.redhat.com/security/cve/CVE-2020-2627
https://access.redhat.com/security/cve/CVE-2020-2660
https://access.redhat.com/security/cve/CVE-2020-2679
https://access.redhat.com/security/cve/CVE-2020-2686
https://access.redhat.com/security/cve/CVE-2020-2694
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2759
https://access.redhat.com/security/cve/CVE-2020-2760
https://access.redhat.com/security/cve/CVE-2020-2761
https://access.redhat.com/security/cve/CVE-2020-2762
https://access.redhat.com/security/cve/CVE-2020-14540
https://access.redhat.com/security/cve/CVE-2020-14547
https://access.redhat.com/security/cve/CVE-2020-14550
https://access.redhat.com/security/cve/CVE-2020-14553
https://access.redhat.com/security/cve/CVE-2020-14559
https://access.redhat.com/security/cve/CVE-2020-14567
https://access.redhat.com/security/cve/CVE-2020-14568
https://access.redhat.com/security/cve/CVE-2020-14575
https://access.redhat.com/security/cve/CVE-2020-14576
https://access.redhat.com/security/cve/CVE-2020-14586
https://access.redhat.com/security/cve/CVE-2020-14597
https://access.redhat.com/security/cve/CVE-2020-14614
https://access.redhat.com/security/cve/CVE-2020-14619
https://access.redhat.com/security/cve/CVE-2020-14620
https://access.redhat.com/security/cve/CVE-2020-14623
https://access.redhat.com/security/cve/CVE-2020-14624
https://access.redhat.com/security/cve/CVE-2020-14631
https://access.redhat.com/security/cve/CVE-2020-14632
https://access.redhat.com/security/cve/CVE-2020-14633
https://access.redhat.com/security/cve/CVE-2020-14634
https://access.redhat.com/security/cve/CVE-2020-14641
https://access.redhat.com/security/cve/CVE-2020-14643
https://access.redhat.com/security/cve/CVE-2020-14651
https://access.redhat.com/security/cve/CVE-2020-14654
https://access.redhat.com/security/cve/CVE-2020-14656
https://access.redhat.com/security/cve/CVE-2020-14663
https://access.redhat.com/security/cve/CVE-2020-14678
https://access.redhat.com/security/cve/CVE-2020-14680
https://access.redhat.com/security/cve/CVE-2020-14697
https://access.redhat.com/security/cve/CVE-2020-14702
https://access.redhat.com/security/cve/CVE-2020-14725
https://bugzilla.redhat.com/1764686
https://bugzilla.redhat.com/1764687
https://bugzilla.redhat.com/1764688
https://bugzilla.redhat.com/1764689
https://bugzilla.redhat.com/1764691
https://bugzilla.redhat.com/1764692
https://bugzilla.redhat.com/1764693
https://bugzilla.redhat.com/1764694
https://bugzilla.redhat.com/1764695
https://bugzilla.redhat.com/1764696
https://bugzilla.redhat.com/1764698
https://bugzilla.redhat.com/1764699
https://bugzilla.redhat.com/1764700
https://bugzilla.redhat.com/1764701
https://bugzilla.redhat.com/1796880
https://bugzilla.redhat.com/1796881
https://bugzilla.redhat.com/1796882
https://bugzilla.redhat.com/1796883
https://bugzilla.redhat.com/1796884
https://bugzilla.redhat.com/1796885
https://bugzilla.redhat.com/1796886
https://bugzilla.redhat.com/1796887
https://bugzilla.redhat.com/1796888
https://bugzilla.redhat.com/1796889
https://bugzilla.redhat.com/1796905
https://bugzilla.redhat.com/1798559
https://bugzilla.redhat.com/1798576
https://bugzilla.redhat.com/1798587
https://bugzilla.redhat.com/1830048
https://bugzilla.redhat.com/1830049
https://bugzilla.redhat.com/1830050
https://bugzilla.redhat.com/1830051
Plugin Details
Severity: High
ID: 140599
File Name: redhat-RHSA-2020-3757.nasl
Version: 1.9
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 9/15/2020
Updated: 5/25/2023
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS Score Source: CVE-2020-14697
CVSS v3
Risk Factor: High
Base Score: 7.2
Temporal Score: 6.3
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: CVE-2021-2144
Vulnerability Information
CPE: cpe:/o:redhat:rhel_e4s:8.1, cpe:/o:redhat:rhel_eus:8.1, p-cpe:/a:redhat:enterprise_linux:mecab, p-cpe:/a:redhat:enterprise_linux:mecab-ipadic, p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-eucjp, p-cpe:/a:redhat:enterprise_linux:mysql, p-cpe:/a:redhat:enterprise_linux:mysql-common, p-cpe:/a:redhat:enterprise_linux:mysql-devel, p-cpe:/a:redhat:enterprise_linux:mysql-errmsg, p-cpe:/a:redhat:enterprise_linux:mysql-libs, p-cpe:/a:redhat:enterprise_linux:mysql-server, p-cpe:/a:redhat:enterprise_linux:mysql-test
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/15/2020
Vulnerability Publication Date: 10/15/2019
Reference Information
CVE: CVE-2019-2911, CVE-2019-2914, CVE-2019-2938, CVE-2019-2946, CVE-2019-2957, CVE-2019-2960, CVE-2019-2963, CVE-2019-2966, CVE-2019-2967, CVE-2019-2968, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2993, CVE-2019-2997, CVE-2019-2998, CVE-2019-3004, CVE-2019-3009, CVE-2019-3011, CVE-2019-3018, CVE-2020-14539, CVE-2020-14540, CVE-2020-14547, CVE-2020-14550, CVE-2020-14553, CVE-2020-14559, CVE-2020-14567, CVE-2020-14568, CVE-2020-14575, CVE-2020-14576, CVE-2020-14586, CVE-2020-14597, CVE-2020-14614, CVE-2020-14619, CVE-2020-14620, CVE-2020-14623, CVE-2020-14624, CVE-2020-14631, CVE-2020-14632, CVE-2020-14633, CVE-2020-14634, CVE-2020-14641, CVE-2020-14643, CVE-2020-14651, CVE-2020-14654, CVE-2020-14656, CVE-2020-14663, CVE-2020-14678, CVE-2020-14680, CVE-2020-14697, CVE-2020-14702, CVE-2020-14725, CVE-2020-14799, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574, CVE-2020-2577, CVE-2020-2579, CVE-2020-2580, CVE-2020-2584, CVE-2020-2588, CVE-2020-2589, CVE-2020-2627, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2694, CVE-2020-2752, CVE-2020-2759, CVE-2020-2760, CVE-2020-2761, CVE-2020-2762, CVE-2020-2763, CVE-2020-2765, CVE-2020-2770, CVE-2020-2774, CVE-2020-2779, CVE-2020-2780, CVE-2020-2804, CVE-2020-2812, CVE-2020-2814, CVE-2020-2853, CVE-2020-2892, CVE-2020-2893, CVE-2020-2895, CVE-2020-2896, CVE-2020-2897, CVE-2020-2898, CVE-2020-2901, CVE-2020-2903, CVE-2020-2904, CVE-2020-2921, CVE-2020-2922, CVE-2020-2923, CVE-2020-2924, CVE-2020-2925, CVE-2020-2926, CVE-2020-2928, CVE-2020-2930, CVE-2021-1998, CVE-2021-2006, CVE-2021-2007, CVE-2021-2009, CVE-2021-2012, CVE-2021-2016, CVE-2021-2019, CVE-2021-2020, CVE-2021-2144, CVE-2021-2160