SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-23 advisory. Several of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Nessus Network Monitor 6.2.2 updates the following components:

  - c-ares from version 1.10.0 to version 1.19.1.
  - curl from version 7.79.1 to version 8.1.2.
  - libbzip2 from version 1.0.6 to version 1.0.8.
  - libpcre from version 8.42 to version 8.44.
  - libxml2 from version 2.7.7 to version 2.11.1.
  - libxslt from version 1.1.26 to version 1.1.37.
  - libxmlsec from version 1.2.18 to version 1.2.37.
  - sqlite from version 3.27.2 to version 3.40.1.
  - jQuery Cookie from version 1.3.1 to version 1.4.1.
  - jQuery UI from version 1.13.0 to version 1.13.2.
  - OpenSSL from version 3.0.8 to version 3.0.9.

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4205-1 advisory.

    It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this     issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740)

    It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this     issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu     19.04. (CVE-2019-16168)

    It was discovered that SQLite incorrectly handled certain schemas. An attacker could possibly use this     issue to mishandles some expressions. This issue only affected Ubuntu 19.04 and Ubuntu 19.10.
    (CVE-2019-19242)

    It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this     issue to execute arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19244)

    It was discovered that SQLite incorrectly handled certain SQL commands. An attacker could possibly use     this issue to execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5018)

    It was discovered that SQLite incorrectly handled certain commands. An attacker could possibly use this     issue to execute arbitrary code. (CVE-2019-5827)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
504363	Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2019-19242)	Tenable OT Security	Tenable.ot	medium
177842	Nessus Network Monitor < 6.2.2 Multiple Vulnerabilities (TNS-2023-23)	Nessus	Misc.	critical
131561	Ubuntu 16.04 LTS / 18.04 LTS : SQLite vulnerabilities (USN-4205-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2019-19242

medium

Tenable Plugins

medium

critical

high