Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

alma_linux ALSA-2025:1671: ALSA-2025:1671: mysql security update (High)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-1671 advisory.

    [8.0.41-2]
    - Fix patching of logrotate

    [8.0.41-1]
    - Update to MySQL 8.0.41

    [8.0.40-1]
    - Update to MySQL 8.0.40

    [8.0.39-1]
    - Rebase to version 8.0.39

    [8.0.37-2]
    - Use signal to flush logs when rotating

    [8.0.37-1]
    - Update to MySQL 8.0.37
    - Remove some legacy cmake options

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-1673 advisory.

    mecab     [0.996-2.12]
    - Bump version for 'mysql' module rebuild       We are moving the 'mecab-devel' RPM from the 'buildroot' repo to the 'AppStream' repo
    - Resolves: #2180411

    mecab-ipadic     [2.7.0.20070801-17.0.1]
    - Rename the LICENSE.Fedora to LICENSE.oracle

    [2.7.0.20070801-17]
    - Bump the release
    - Resolves: RHEL-24525

    mysql     [8.0.41-1]
    - Update to MySQL 8.0.41

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:1673 advisory.

    * openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)
      * krb5: GSS message token handling (CVE-2024-37371)
      * curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)
      * mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024) (CVE-2024-21238)
      * mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196)
      * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241)
      * mysql: Client programs unspecified vulnerability (CPU Oct 2024) (CVE-2024-21231)
      * mysql: Information Schema unspecified vulnerability (CPU Oct 2024) (CVE-2024-21197)
      * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218)
      * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201)
      * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236)
      * mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21237)
      * mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203)
      * mysql: Health Monitor unspecified vulnerability (CPU Oct 2024) (CVE-2024-21212)
      * mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219)
      * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230)
      * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213)
      * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194)
      * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199)
      * mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193)
      * mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198)
      * mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247)
      * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239)
      * curl: curl netrc password leak (CVE-2024-11053)
      * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497)
      * mysql: MySQL Server Options Vulnerability (CVE-2025-21520)
      * mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)
      * mysql: Information Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21529)
      * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531)
      * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504)
      * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540)
      * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability     (CVE-2025-21555)
      * mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543)
      * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability     (CVE-2025-21491)
      * mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525)
      * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536)
      * mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025) (CVE-2025-21521)
      * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501)
      * mysql: Performance Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21534)
      * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494)
      * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519)
      * mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522)
      * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503)
      * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518)
      * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability     (CVE-2025-21559)
      * mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546)
      * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500)
      * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523)
      * mysql: Components Services unspecified vulnerability (CPU Jan 2025) (CVE-2025-21505)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1673 advisory.

    MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld)     and many client programs and libraries.

    Security Fix(es):

    * openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)

    * krb5: GSS message token handling (CVE-2024-37371)

    * curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)

    * mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024) (CVE-2024-21238)

    * mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196)

    * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241)

    * mysql: Client programs unspecified vulnerability (CPU Oct 2024) (CVE-2024-21231)

    * mysql: Information Schema unspecified vulnerability (CPU Oct 2024) (CVE-2024-21197)

    * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218)

    * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201)

    * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236)

    * mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21237)

    * mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203)

    * mysql: Health Monitor unspecified vulnerability (CPU Oct 2024) (CVE-2024-21212)

    * mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219)

    * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230)

    * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213)

    * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194)

    * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199)

    * mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193)

    * mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198)

    * mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247)

    * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239)

    * curl: curl netrc password leak (CVE-2024-11053)

    * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497)

    * mysql: MySQL Server Options Vulnerability (CVE-2025-21520)

    * mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)

    * mysql: Information Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21529)

    * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531)

    * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504)

    * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540)

    * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability     (CVE-2025-21555)

    * mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543)

    * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability     (CVE-2025-21491)

    * mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525)

    * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536)

    * mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025) (CVE-2025-21521)

    * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501)

    * mysql: Performance Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21534)

    * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494)

    * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519)

    * mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522)

    * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503)

    * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518)

    * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability     (CVE-2025-21559)

    * mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546)

    * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500)

    * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523)

    * mysql: Components Services unspecified vulnerability (CPU Jan 2025) (CVE-2025-21505)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1671 advisory.

    MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld)     and many client programs and libraries.

    Security Fix(es):

    * openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)

    * krb5: GSS message token handling (CVE-2024-37371)

    * curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)

    * mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024) (CVE-2024-21238)

    * mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196)

    * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241)

    * mysql: Client programs unspecified vulnerability (CPU Oct 2024) (CVE-2024-21231)

    * mysql: Information Schema unspecified vulnerability (CPU Oct 2024) (CVE-2024-21197)

    * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218)

    * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201)

    * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236)

    * mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21237)

    * mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203)

    * mysql: Health Monitor unspecified vulnerability (CPU Oct 2024) (CVE-2024-21212)

    * mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219)

    * mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230)

    * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213)

    * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194)

    * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199)

    * mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193)

    * mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198)

    * mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247)

    * mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239)

    * curl: curl netrc password leak (CVE-2024-11053)

    * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497)

    * mysql: MySQL Server Options Vulnerability (CVE-2025-21520)

    * mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)

    * mysql: Information Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21529)

    * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531)

    * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504)

    * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540)

    * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability     (CVE-2025-21555)

    * mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543)

    * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability     (CVE-2025-21491)

    * mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525)

    * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536)

    * mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025) (CVE-2025-21521)

    * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501)

    * mysql: Performance Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21534)

    * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494)

    * mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519)

    * mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522)

    * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503)

    * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518)

    * mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability     (CVE-2025-21559)

    * mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546)

    * mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500)

    * mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523)

    * mysql: Components Services unspecified vulnerability (CPU Jan 2025) (CVE-2025-21505)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mysql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21238 advisory.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported     versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit     vulnerability allows low privileged attacker with network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang     or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2024-21238)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21238 advisory.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported     versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit     vulnerability allows low privileged attacker with network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang     or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2024-21238)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2025 CPU advisory.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (Kerberos)). Supported     versions that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable vulnerability     allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.  Successful     attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL     Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL     Server. (CVE-2024-37371)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)).
    Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL     Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete     access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server. (CVE-2024-5535)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (curl)). Supported     versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks require human interaction from a person other than the attacker. Successful attacks of     this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2024-7264)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of MySQL Server installed on the remote host are affected by a vulnerability as referenced in the January 2024 CPU advisory.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (Kerberos)). Supported     versions that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable vulnerability     allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.  Successful     attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL     Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL     Server. (CVE-2024-37371)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)).
    Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL     Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete     access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server. (CVE-2024-5535)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (curl)). Supported     versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks require human interaction from a person other than the attacker. Successful attacks of     this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2024-7264)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of MySQL Cluster installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory.

  - Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported     versions that are affected are 7.5.35 and prior, 7.6.31 and prior, 8.0.39 and prior, 8.4.2 and prior     and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network     access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     MySQL Cluster. (CVE-2024-21238)

   - Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported     versions that are affected are 7.5.35 and prior, 7.6.31 and prior, 8.0.39 and prior, 8.4.2 and prior and     9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via     multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of MySQL Cluster accessible data as well as     unauthorized read access to a subset of MySQL Cluster accessible data. (CVE-2024-21247)

  - Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (Kerberos)).     Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily     exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to     compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized access to     critical data or complete access to all MySQL Cluster accessible data and unauthorized ability to cause     a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. (CVE-2024-37371)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of MySQL Cluster installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory.

  - Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: Packaging (OpenSSL)).     Supported versions that are affected are 7.5.35 and prior, 7.6.31 and prior, 8.0.39 and prior, 8.4.2 and     prior and 9.0.1 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network     access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can     result in unauthorized access to critical data or complete access to all MySQL Cluster accessible data     and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.
    (CVE-2024-5535)

  - Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported     versions that are affected are 7.5.35 and prior, 7.6.31 and prior, 8.0.39 and prior, 8.4.2 and prior     and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network     access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     MySQL Cluster. (CVE-2024-21238)

  - Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported     versions that are affected are 7.5.35 and prior, 7.6.31 and prior, 8.0.39 and prior, 8.4.2 and prior and     9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via     multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of MySQL Cluster accessible data as well as     unauthorized read access to a subset of MySQL Cluster accessible data. (CVE-2024-21247)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
216613	Oracle Linux 9 : mysql (ELSA-2025-1671)	Nessus	Oracle Linux Local Security Checks	critical
216601	Oracle Linux 8 : mysql:8.0 (ELSA-2025-1673)	Nessus	Oracle Linux Local Security Checks	critical
216537	AlmaLinux 8 : mysql:8.0 (ALSA-2025:1673)	Nessus	Alma Linux Local Security Checks	critical
216487	RHEL 8 : mysql:8.0 (RHSA-2025:1673)	Nessus	Red Hat Local Security Checks	critical
216473	RHEL 9 : mysql (RHSA-2025:1671)	Nessus	Red Hat Local Security Checks	critical
215935	Azure Linux 3.0 Security Update: mysql (CVE-2024-21238)	Nessus	Azure Linux Local Security Checks	medium
209596	CBL Mariner 2.0 Security Update: mysql (CVE-2024-21238)	Nessus	MarinerOS Local Security Checks	medium
209250	Oracle MySQL Server 8.0.x < 8.0.40 (January 2025 CPU)	Nessus	Databases	critical
209249	Oracle MySQL Server 9.x < 9.1.0 (January 2025 CPU)	Nessus	Databases	critical
209248	Oracle MySQL Server 8.x < 8.4.3 (January 2025 CPU)	Nessus	Databases	critical
209242	Oracle MySQL Cluster 8.0.x < 8.0.40 / 8.4.x < 8.4.3 / 9.0.x < 9.0.2 (October 2024 CPU)	Nessus	Databases	critical
209240	Oracle MySQL Cluster 7.5.x < 7.5.36 / 7.6.x < 7.6.32 (October 2024 CPU)	Nessus	Databases	low

Detections

Analytics

CVE-2024-21238

medium

Tenable Plugins

Coming Soon

critical

critical

critical

critical

critical

medium

medium

critical

critical

critical

critical

low