The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4535 advisory.

  - In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment     of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and     report an error message containing uninitialized bytes. (CVE-2022-41862)

  - schema_element defeats protective search_path changes; It was found that certain database calls in     PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary     code. (CVE-2023-2454)

  - Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies     to be applied in certain cases where role-specific policies are used and a given query is planned under     one role and then executed under other roles. This scenario can happen under security definer functions or     when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an     incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects     only databases that have used CREATE POLICY to define a row security policy. (CVE-2023-2455)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6104-1 advisory.

    Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An     authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor.
    (CVE-2023-2454)

    Wolfgang Walther discovered that PostgreSQL incorrectly handled certain row security policies. An     authenticated user could possibly use this issue to complete otherwise forbidden reads and modifications.
    (CVE-2023-2455)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7667 advisory.

  - postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625)

  - postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)

  - postgresql: schema_element defeats protective search_path changes (CVE-2023-2454)

  - postgresql: row security policies disregard user ID changes after inlining. (CVE-2023-2455)

  - postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

  - postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

  - postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

  - postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4535 advisory.

  - postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)

  - postgresql: schema_element defeats protective search_path changes (CVE-2023-2454)

  - postgresql: row security policies disregard user ID changes after inlining. (CVE-2023-2455)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7580 advisory.

  - postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625)

  - postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)

  - postgresql: schema_element defeats protective search_path changes (CVE-2023-2454)

  - postgresql: row security policies disregard user ID changes after inlining. (CVE-2023-2455)

  - postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

  - postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

  - postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

  - postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Siemens SINEC NMS installed on the remote host is prior to 2.0.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA-943925 advisory.

  - coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type     request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload,     aka Content-Type confusion between the WAF and the backend application. This occurs when the web     application relies on only the last Content-Type header. Other platforms may reject the additional     Content-Type header or merge conflicting headers, leading to detection as a malformed header.
    (CVE-2023-38199)

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule ^/here/(.*)     http://example.com:8080/elsewhere?$1; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

  - The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json     definition for a given module. This vulnerability affects all users using the experimental policy     mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was     issued, the policy is an experimental feature of Node.js. (CVE-2023-32002)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of postgresql installed on the remote host is prior to 11.20-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL11-2023-001 advisory.

  - schema_element defeats protective search_path changes; It was found that certain database calls in     PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary     code. (CVE-2023-2454)

  - Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies     to be applied in certain cases where role-specific policies are used and a given query is planned under     one role and then executed under other roles. This scenario can happen under security definer functions or     when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an     incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects     only databases that have used CREATE POLICY to define a row security policy. (CVE-2023-2455)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
179863	Oracle Linux 8 : postgresql:12 (ELSA-2023-4535)	Nessus	Oracle Linux Local Security Checks	8/15/2023	8/17/2023	high
176338	Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : PostgreSQL vulnerabilities (USN-6104-1)	Nessus	Ubuntu Local Security Checks	5/24/2023	8/27/2024	high
186619	RHEL 8 : postgresql:12 (RHSA-2023:7667)	Nessus	Red Hat Local Security Checks	12/6/2023	4/29/2024	high
179475	RHEL 8 : postgresql:12 (RHSA-2023:4535)	Nessus	Red Hat Local Security Checks	8/8/2023	4/28/2024	high
186435	RHEL 8 : postgresql:13 (RHSA-2023:7580)	Nessus	Red Hat Local Security Checks	11/29/2023	4/28/2024	high
191429	Siemens SINEC NMS < V2.0 SP1 Multiple Vulnerabilities	Nessus	Windows	2/29/2024	3/1/2024	critical
182020	Amazon Linux 2 : postgresql (ALASPOSTGRESQL11-2023-001)	Nessus	Amazon Linux Local Security Checks	9/27/2023	9/27/2023	high

Detections

Analytics

Plugins Search

high

high

high

high

high

critical

high