The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4527 advisory.

  - schema_element defeats protective search_path changes; It was found that certain database calls in     PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary     code. (CVE-2023-2454)

  - Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies     to be applied in certain cases where role-specific policies are used and a given query is planned under     one role and then executed under other roles. This scenario can happen under security definer functions or     when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an     incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects     only databases that have used CREATE POLICY to define a row security policy. (CVE-2023-2455)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of postgresql installed on the remote host is prior to 12.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL12-2023-001 advisory.

    postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)

    This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap     superuser. Database owners have that right by default, and explicit grants may extend it to other users.
    (CVE-2023-2454)

    While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario     involving function inlining. This leads to potentially incorrect policies being applied in cases where     role-specific policies are used and a given query is planned under one role and then executed under other     roles. This scenario can happen under security definer functions or when a common user and query is     planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a     user to complete otherwise-forbidden reads and modifications. This affects only databases that have used     CREATE POLICY to define a row security policy. (CVE-2023-2455)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of postgresql installed on the remote host is prior to 11.20-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL11-2023-001 advisory.

    This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap     superuser. Database owners have that right by default, and explicit grants may extend it to other users.
    (CVE-2023-2454)

    While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario     involving function inlining. This leads to potentially incorrect policies being applied in cases where     role-specific policies are used and a given query is planned under one role and then executed under other     roles. This scenario can happen under security definer functions or when a common user and query is     planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a     user to complete otherwise-forbidden reads and modifications. This affects only databases that have used     CREATE POLICY to define a row security policy. (CVE-2023-2455)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:4527 advisory.

  - schema_element defeats protective search_path changes; It was found that certain database calls in     PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary     code. (CVE-2023-2454)

  - Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies     to be applied in certain cases where role-specific policies are used and a given query is planned under     one role and then executed under other roles. This scenario can happen under security definer functions or     when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an     incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects     only databases that have used CREATE POLICY to define a row security policy. (CVE-2023-2455)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4527 advisory.

  - schema_element defeats protective search_path changes; It was found that certain database calls in     PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary     code. (CVE-2023-2454)

  - Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies     to be applied in certain cases where role-specific policies are used and a given query is planned under     one role and then executed under other roles. This scenario can happen under security definer functions or     when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an     incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects     only databases that have used CREATE POLICY to define a row security policy. (CVE-2023-2455)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2201-1 advisory.

  - schema_element defeats protective search_path changes; It was found that certain database calls in     PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary     code. (CVE-2023-2454)

  - Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies     to be applied in certain cases where role-specific policies are used and a given query is planned under     one role and then executed under other roles. This scenario can happen under security definer functions or     when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an     incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects     only databases that have used CREATE POLICY to define a row security policy. (CVE-2023-2455)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7580 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    Security Fix(es):

    * postgresql: schema_element defeats protective search_path changes (CVE-2023-2454)

    * postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

    * postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625)

    * postgresql: row security policies disregard user ID changes after inlining. (CVE-2023-2455)

    * postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

    * postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

    * postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)

    * postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7667 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    Security Fix(es):

    * postgresql: schema_element defeats protective search_path changes (CVE-2023-2454)

    * postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

    * postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625)

    * postgresql: row security policies disregard user ID changes after inlining. (CVE-2023-2455)

    * postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

    * postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

    * postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)

    * postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Siemens SINEC NMS installed on the remote host is prior to 2.0.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA-943925 advisory.

  - coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type     request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload,     aka Content-Type confusion between the WAF and the backend application. This occurs when the web     application relies on only the last Content-Type header. Other platforms may reject the additional     Content-Type header or merge conflicting headers, leading to detection as a malformed header.
    (CVE-2023-38199)

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule ^/here/(.*)     http://example.com:8080/elsewhere?$1; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

  - The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json     definition for a given module. This vulnerability affects all users using the experimental policy     mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was     issued, the policy is an experimental feature of Node.js. (CVE-2023-32002)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
182723	Rocky Linux 8 : postgresql:13 (RLSA-2023:4527)	Nessus	Rocky Linux Local Security Checks	10/6/2023	11/6/2023	high
181979	Amazon Linux 2 : postgresql (ALASPOSTGRESQL12-2023-001)	Nessus	Amazon Linux Local Security Checks	9/27/2023	12/11/2024	high
182020	Amazon Linux 2 : postgresql (ALASPOSTGRESQL11-2023-001)	Nessus	Amazon Linux Local Security Checks	9/27/2023	12/11/2024	high
179461	CentOS 8 : postgresql:13 (CESA-2023:4527)	Nessus	CentOS Local Security Checks	8/8/2023	2/8/2024	high
179621	AlmaLinux 8 : postgresql:13 (ALSA-2023:4527)	Nessus	Alma Linux Local Security Checks	8/9/2023	8/17/2023	high
175801	SUSE SLES12 Security Update : postgresql13 (SUSE-SU-2023:2201-1)	Nessus	SuSE Local Security Checks	5/16/2023	8/17/2023	high
186435	RHEL 8 : postgresql:13 (RHSA-2023:7580)	Nessus	Red Hat Local Security Checks	11/29/2023	11/7/2024	high
186619	RHEL 8 : postgresql:12 (RHSA-2023:7667)	Nessus	Red Hat Local Security Checks	12/6/2023	11/7/2024	high
191429	Siemens SINEC NMS < V2.0 SP1 Multiple Vulnerabilities	Nessus	Windows	2/29/2024	10/7/2024	critical

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

critical