Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:1361412562311220221756HistoryMay 25, 2022 - 12:00 a.m.
Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2022-1756)
2022-05-2500:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.2 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
42.8%
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2022.1756");
script_cve_id("CVE-2021-23222");
script_tag(name:"creation_date", value:"2022-05-25 04:17:28 +0000 (Wed, 25 May 2022)");
script_version("2024-02-05T14:36:57+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:57 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-03-10 20:42:35 +0000 (Thu, 10 Mar 2022)");
script_name("Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2022-1756)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP3");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2022-1756");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2022-1756");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'postgresql' package(s) announced via the EulerOS-SA-2022-1756 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.(CVE-2021-23222)");
script_tag(name:"affected", value:"'postgresql' package(s) on Huawei EulerOS V2.0SP3.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"postgresql", rpm:"postgresql~9.2.24~1.h5", rls:"EULEROS-2.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql-contrib", rpm:"postgresql-contrib~9.2.24~1.h5", rls:"EULEROS-2.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql-devel", rpm:"postgresql-devel~9.2.24~1.h5", rls:"EULEROS-2.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql-docs", rpm:"postgresql-docs~9.2.24~1.h5", rls:"EULEROS-2.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql-libs", rpm:"postgresql-libs~9.2.24~1.h5", rls:"EULEROS-2.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql-plperl", rpm:"postgresql-plperl~9.2.24~1.h5", rls:"EULEROS-2.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql-plpython", rpm:"postgresql-plpython~9.2.24~1.h5", rls:"EULEROS-2.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql-pltcl", rpm:"postgresql-pltcl~9.2.24~1.h5", rls:"EULEROS-2.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql-server", rpm:"postgresql-server~9.2.24~1.h5", rls:"EULEROS-2.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql-test", rpm:"postgresql-test~9.2.24~1.h5", rls:"EULEROS-2.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
Oracle Linux 8 : libpq (ELSA-2022-1891)
2022-05-18 00:00:00
AlmaLinux 8 : libpq (ALSA-2022:1891)
2022-05-12 00:00:00
CentOS 8 : libpq (CESA-2022:1891)
2022-05-10 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5765-1)
2022-12-08 00:00:00
Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2022-1197)
2022-02-24 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3760-1)
2021-11-23 00:00:00
debiancve
debiancve
CVE-2021-23222
2022-03-02 23:15:00
ubuntu
ubuntu
PostgreSQL vulnerability
2022-12-07 00:00:00
PostgreSQL vulnerabilities
2021-11-11 00:00:00
ubuntucve
ubuntucve
CVE-2021-23222
2021-11-11 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-23222 affecting package postgresql for versions less than 14.2-1
2022-04-26 20:17:02
CVE-2021-23222 affecting package postgresql 12.8-1
2022-03-19 16:40:54
cve
cve
CVE-2021-23222
2022-03-02 23:15:00
CVE-2021-43767
2022-08-25 18:15:00
almalinux
almalinux
Low: libpq security update
2022-05-10 06:36:04
osv
osv
postgresql-9.5 vulnerability
2022-12-07 19:35:54
CVE-2021-23222
2022-03-02 23:15:08
Low: libpq security update
2022-05-10 06:36:04
veracode
veracode
Denial Of Service (DoS)
2021-11-14 07:42:43
oraclelinux
oraclelinux
libpq security update
2022-05-17 00:00:00
redhatcve
redhatcve
CVE-2021-23222
2021-11-12 12:00:28
redhat
redhat
(RHSA-2022:1891) Low: libpq security update
2022-05-10 06:36:04
(RHSA-2021:5197) Moderate: rh-postgresql12-postgresql security update
2021-12-16 18:07:11
(RHSA-2021:5179) Moderate: rh-postgresql13-postgresql security update
2021-12-16 11:34:46
alpinelinux
alpinelinux
CVE-2021-23222
2022-03-02 23:15:00
prion
prion
Design/Logic Flaw
2022-03-02 23:15:00
Authentication flaw
2022-08-25 18:15:00
rocky
rocky
libpq security update
2022-05-10 06:36:04
suse
suse
Security update for postgresql10 (important)
2021-12-15 00:00:00
Security update for postgresql14 (important)
2021-11-22 00:00:00
Security update for postgresql10 (important)
2021-12-14 00:00:00
altlinux
altlinux
debian
debian
[SECURITY] [DLA 2817-1] postgresql-9.6 security update
2021-11-12 08:46:22
[SECURITY] [DSA 5007-1] postgresql-13 security update
2021-11-11 21:52:56
[SECURITY] [DSA 5006-1] postgresql-11 security update
2021-11-11 21:49:53
ibm
ibm
Security Bulletin: A security vulnerability inPostgreSQL affects IBM Cloud Pak for Multicloud Management Infrastructure Management
2022-10-21 17:09:42
redos
redos
ROS-20220125-13
2022-01-25 00:00:00
freebsd
freebsd
PostgreSQL -- Possible man-in-the-middle attacks
2021-11-08 00:00:00
mageia
mageia
Updated postgresql packages fix security vulnerability
2021-11-25 16:06:13
fedora
fedora
[SECURITY] Fedora 35 Update: pgbouncer-1.16.1-1.fc35
2021-12-31 01:21:38
github
github
PostgresNIO processes unencrypted bytes from man-in-the-middle
2023-05-10 19:20:16
gentoo
gentoo
PostgreSQL: Multiple Vulnerabilities
2022-11-19 00:00:00
hp
hp
HP Device Manager Vulnerability Update (5.0.12)
2024-01-26 00:00:00
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.2 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
42.8%
Related for OPENVAS:1361412562311220221756