The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3811 advisory.

    MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld,     and many client programs.

    The following packages have been upgraded to a later upstream version: rh-mysql80-mysql (8.0.26).
    (BZ#2003105)

    Security Fix(es):

    * mysql: Server: Stored Procedure multiple vulnerabilities (CVE-2020-14672, CVE-2021-2046, CVE-2021-2072,     CVE-2021-2081, CVE-2021-2215, CVE-2021-2217, CVE-2021-2293, CVE-2021-2304, CVE-2021-2424)

    * mysql: Server: FTS multiple vulnerabilities (CVE-2020-14765, CVE-2020-14789, CVE-2020-14804)

    * mysql: Server: Optimizer multiple vulnerabilities (CVE-2020-14769, CVE-2020-14773, CVE-2020-14777,     CVE-2020-14785, CVE-2020-14793, CVE-2020-14794, CVE-2020-14809, CVE-2020-14830, CVE-2020-14836,     CVE-2020-14837, CVE-2020-14839, CVE-2020-14845, CVE-2020-14846, CVE-2020-14861, CVE-2020-14866,     CVE-2020-14868, CVE-2020-14888, CVE-2020-14891, CVE-2020-14893, CVE-2021-2001, CVE-2021-2021,     CVE-2021-2024, CVE-2021-2030, CVE-2021-2031, CVE-2021-2036, CVE-2021-2055, CVE-2021-2060, CVE-2021-2065,     CVE-2021-2070, CVE-2021-2076, CVE-2021-2164, CVE-2021-2169, CVE-2021-2170, CVE-2021-2193, CVE-2021-2203,     CVE-2021-2212, CVE-2021-2213, CVE-2021-2230, CVE-2021-2278, CVE-2021-2298, CVE-2021-2299, CVE-2021-2342,     CVE-2021-2357, CVE-2021-2367, CVE-2021-2383, CVE-2021-2384, CVE-2021-2387, CVE-2021-2410, CVE-2021-2412,     CVE-2021-2418, CVE-2021-2425, CVE-2021-2426, CVE-2021-2427, CVE-2021-2437, CVE-2021-2441, CVE-2021-2444)

    * mysql: InnoDB multiple vulnerabilities (CVE-2020-14775, CVE-2020-14776, CVE-2020-14821, CVE-2020-14829,     CVE-2020-14848, CVE-2021-2022, CVE-2021-2028, CVE-2021-2048, CVE-2021-2174, CVE-2021-2180, CVE-2021-2194,     CVE-2021-2372, CVE-2021-2374, CVE-2021-2389, CVE-2021-2390, CVE-2021-2429, CVE-2020-14791, CVE-2021-2042)

    * mysql: Server: PS multiple vulnerabilities (CVE-2020-14786, CVE-2020-14790, CVE-2020-14844,     CVE-2021-2422)

    * mysql: Server: Security multiple vulnerabilities (CVE-2020-14800, CVE-2020-14838, CVE-2020-14860)

    * mysql: Server: Locking multiple vulnerabilities (CVE-2020-14812, CVE-2021-2058, CVE-2021-2402)

    * mysql: Server: DML multiple vulnerabilities (CVE-2020-14814, CVE-2020-14828, CVE-2021-2056,     CVE-2021-2087, CVE-2021-2088, CVE-2021-2166, CVE-2021-2172, CVE-2021-2196, CVE-2021-2300, CVE-2021-2305,     CVE-2021-2370, CVE-2021-2440)

    * mysql: Server: Charsets unspecified vulnerability (CVE-2020-14852)

    * mysql: Server: DDL multiple vulnerabilities (CVE-2020-14867, CVE-2021-2061, CVE-2021-2122,     CVE-2021-2339, CVE-2021-2352, CVE-2021-2399)

    * mysql: Server: X Plugin unspecified vulnerability (CVE-2020-14870)

    * mysql: Server: Logging unspecified vulnerability (CVE-2020-14873)

    * mysql: Server: Replication multiple vulnerabilities (CVE-2021-2002, CVE-2021-2171, CVE-2021-2178,     CVE-2021-2202, CVE-2021-2356, CVE-2021-2385)

    * mysql: C API multiple vulnerabilities (CVE-2021-2010, CVE-2021-2011)

    * mysql: Server: Components Services unspecified vulnerability (CVE-2021-2038)

    * mysql: Server: Options unspecified vulnerability (CVE-2021-2146)

    * mysql: Server: Group Replication Plugin multiple vulnerabilities (CVE-2021-2179, CVE-2021-2232)

    * mysql: Server: Partition multiple vulnerabilities (CVE-2021-2201, CVE-2021-2208)

    * mysql: Server: Information Schema multiple vulnerabilities (CVE-2021-2032, CVE-2021-2226, CVE-2021-2301,     CVE-2021-2308)

    * mysql: Server: Packaging unspecified vulnerability (CVE-2021-2307)

    * mysql: Server: Federated unspecified vulnerability (CVE-2021-2354)

    * mysql: Server: GIS unspecified vulnerability (CVE-2021-2417)

    * mysql: Server: Memcached unspecified vulnerability (CVE-2021-2340)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * Segfault and possible DoS with a crafted query (BZ#2003100)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : rh-mysql80-mysql (RHSA-2021:3811)

medium Nessus Plugin ID 154083

Version 1.13