Detections
Analytics

RHEL 7 : rh-mysql80-mysql (RHSA-2024:2619)

high Nessus Plugin ID 194842

Language:

Synopsis

The remote Red Hat host is missing one or more security updates for rh-mysql80-mysql.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2619 advisory.

 - A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. (CVE-2022-4899)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-21911, CVE-2023-22104)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-21919, CVE-2023-21933)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2023-21929)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).
 Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-21940, CVE-2023-21947)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-21946)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-21953, CVE-2023-21955)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).
 Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-21962)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-21966)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-21972)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. (CVE-2023-21980)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22005)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
 Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22007)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22008)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22032, CVE-2023-22070, CVE-2023-22078, CVE-2023-22103)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22033)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
 Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2023-22038)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056, CVE-2023-22065, CVE-2023-22110)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
 (CVE-2023-22048)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. (CVE-2023-22053)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22057)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22058)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22059)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22064, CVE-2023-22092, CVE-2023-22112)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22066, CVE-2023-22068, CVE-2023-22097, CVE-2023-22114)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22079)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22084)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22111)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
 Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2023-22113)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22115)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2024-20960)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.
 Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2024-20961, CVE-2024-20962, CVE-2024-20973, CVE-2024-20977)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
 Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2024-20963)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
 Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2024-20964)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
 Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20974, CVE-2024-20976, CVE-2024-20978, CVE-2024-20982, CVE-2024-20993)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
 Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2024-20967)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2024-20968)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2024-20969)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2024-20981)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2024-20983, CVE-2024-21049, CVE-2024-21050, CVE-2024-21051, CVE-2024-21052, CVE-2024-21053, CVE-2024-21056)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall).
 Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2024-20984)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2024-20985)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2024-21015)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2024-21055, CVE-2024-21057)

 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
 Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2024-21061)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL rh-mysql80-mysql package based on the guidance in RHSA-2024:2619.

See Also

https://access.redhat.com/security/cve/CVE-2023-21920

https://access.redhat.com/security/cve/CVE-2023-21929

https://access.redhat.com/security/cve/CVE-2023-21933

https://access.redhat.com/security/cve/CVE-2023-21935

https://access.redhat.com/security/cve/CVE-2023-21940

https://access.redhat.com/security/cve/CVE-2023-21945

https://access.redhat.com/security/cve/CVE-2023-21946

https://access.redhat.com/security/cve/CVE-2023-21947

https://access.redhat.com/security/cve/CVE-2023-21953

https://access.redhat.com/security/cve/CVE-2023-21955

https://access.redhat.com/security/cve/CVE-2023-21962

https://access.redhat.com/security/cve/CVE-2023-22084

https://access.redhat.com/security/cve/CVE-2023-22092

https://access.redhat.com/security/cve/CVE-2023-22097

https://access.redhat.com/security/cve/CVE-2023-22103

https://access.redhat.com/security/cve/CVE-2023-22104

https://access.redhat.com/security/cve/CVE-2023-22110

https://access.redhat.com/security/cve/CVE-2023-22111

https://access.redhat.com/security/cve/CVE-2023-22112

https://access.redhat.com/security/cve/CVE-2023-22113

https://access.redhat.com/security/cve/CVE-2023-22114

https://access.redhat.com/security/cve/CVE-2023-22115

https://access.redhat.com/security/cve/CVE-2024-20960

https://access.redhat.com/security/cve/CVE-2024-20961

https://access.redhat.com/security/cve/CVE-2024-20962

https://access.redhat.com/security/cve/CVE-2024-20963

https://access.redhat.com/security/cve/CVE-2024-20964

https://access.redhat.com/security/cve/CVE-2024-20965

https://access.redhat.com/security/cve/CVE-2024-20966

https://access.redhat.com/security/cve/CVE-2024-20967

https://access.redhat.com/security/cve/CVE-2024-20968

https://access.redhat.com/security/cve/CVE-2024-20969

https://access.redhat.com/security/cve/CVE-2024-20970

https://access.redhat.com/security/cve/CVE-2024-20971

https://access.redhat.com/security/cve/CVE-2024-20972

https://access.redhat.com/security/cve/CVE-2024-20973

https://access.redhat.com/security/cve/CVE-2024-20974

https://access.redhat.com/security/cve/CVE-2024-20976

https://access.redhat.com/security/cve/CVE-2024-20977

https://access.redhat.com/security/cve/CVE-2024-20978

https://access.redhat.com/errata/RHSA-2024:2619

https://access.redhat.com/security/cve/CVE-2022-4899

https://access.redhat.com/security/cve/CVE-2023-21911

https://access.redhat.com/security/cve/CVE-2023-21919

https://access.redhat.com/security/cve/CVE-2023-21966

https://access.redhat.com/security/cve/CVE-2023-21972

https://access.redhat.com/security/cve/CVE-2023-21976

https://access.redhat.com/security/cve/CVE-2023-21977

https://access.redhat.com/security/cve/CVE-2023-21980

https://access.redhat.com/security/cve/CVE-2023-21982

https://access.redhat.com/security/cve/CVE-2023-22005

https://access.redhat.com/security/cve/CVE-2023-22007

https://access.redhat.com/security/cve/CVE-2023-22008

https://access.redhat.com/security/cve/CVE-2023-22032

https://access.redhat.com/security/cve/CVE-2023-22033

https://access.redhat.com/security/cve/CVE-2023-22038

https://access.redhat.com/security/cve/CVE-2023-22046

https://access.redhat.com/security/cve/CVE-2023-22048

https://access.redhat.com/security/cve/CVE-2023-22053

https://access.redhat.com/security/cve/CVE-2023-22054

https://access.redhat.com/security/cve/CVE-2023-22056

https://access.redhat.com/security/cve/CVE-2023-22057

https://access.redhat.com/security/cve/CVE-2023-22058

https://access.redhat.com/security/cve/CVE-2023-22059

https://access.redhat.com/security/cve/CVE-2023-22064

https://access.redhat.com/security/cve/CVE-2023-22065

https://access.redhat.com/security/cve/CVE-2023-22066

https://access.redhat.com/security/cve/CVE-2023-22068

https://access.redhat.com/security/cve/CVE-2023-22070

https://access.redhat.com/security/cve/CVE-2023-22078

https://access.redhat.com/security/cve/CVE-2023-22079

https://access.redhat.com/security/cve/CVE-2024-20981

https://access.redhat.com/security/cve/CVE-2024-20982

https://access.redhat.com/security/cve/CVE-2024-20983

https://access.redhat.com/security/cve/CVE-2024-20984

https://access.redhat.com/security/cve/CVE-2024-20985

https://access.redhat.com/security/cve/CVE-2024-20993

https://access.redhat.com/security/cve/CVE-2024-21015

https://access.redhat.com/security/cve/CVE-2024-21049

https://access.redhat.com/security/cve/CVE-2024-21050

https://access.redhat.com/security/cve/CVE-2024-21051

https://access.redhat.com/security/cve/CVE-2024-21052

https://access.redhat.com/security/cve/CVE-2024-21053

https://access.redhat.com/security/cve/CVE-2024-21055

https://access.redhat.com/security/cve/CVE-2024-21056

https://access.redhat.com/security/cve/CVE-2024-21057

https://access.redhat.com/security/cve/CVE-2024-21061

Plugin Details

Severity: High

ID: 194842

File Name: redhat-RHSA-2024-2619.nasl

Version: 1.1

Type: local

Agent: unix

Published: 4/30/2024

Updated: 5/2/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-21980

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-common, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-devel, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-errmsg, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-icu-data-files, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-syspaths, p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-test

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/30/2024

Vulnerability Publication Date: 3/31/2023

Reference Information

CVE: CVE-2022-4899, CVE-2023-21911, CVE-2023-21919, CVE-2023-21920, CVE-2023-21929, CVE-2023-21933, CVE-2023-21935, CVE-2023-21940, CVE-2023-21945, CVE-2023-21946, CVE-2023-21947, CVE-2023-21953, CVE-2023-21955, CVE-2023-21962, CVE-2023-21966, CVE-2023-21972, CVE-2023-21976, CVE-2023-21977, CVE-2023-21980, CVE-2023-21982, CVE-2023-22005, CVE-2023-22007, CVE-2023-22008, CVE-2023-22032, CVE-2023-22033, CVE-2023-22038, CVE-2023-22046, CVE-2023-22048, CVE-2023-22053, CVE-2023-22054, CVE-2023-22056, CVE-2023-22057, CVE-2023-22058, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22066, CVE-2023-22068, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22084, CVE-2023-22092, CVE-2023-22097, CVE-2023-22103, CVE-2023-22104, CVE-2023-22110, CVE-2023-22111, CVE-2023-22112, CVE-2023-22113, CVE-2023-22114, CVE-2023-22115, CVE-2024-20960, CVE-2024-20961, CVE-2024-20962, CVE-2024-20963, CVE-2024-20964, CVE-2024-20965, CVE-2024-20966, CVE-2024-20967, CVE-2024-20968, CVE-2024-20969, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20981, CVE-2024-20982, CVE-2024-20983, CVE-2024-20984, CVE-2024-20985, CVE-2024-20993, CVE-2024-21015, CVE-2024-21049, CVE-2024-21050, CVE-2024-21051, CVE-2024-21052, CVE-2024-21053, CVE-2024-21055, CVE-2024-21056, CVE-2024-21057, CVE-2024-21061

CWE: 400

RHSA: 2024:2619