67 matches found
CVE-2022-0778
CVE-2022-0778 describes an infinite loop in BN_mod_sqrt() when parsing certain ASN.1 elliptic-curve parameters, enabling DoS during certificate or key processing. Affected OpenSSL versions include 1.0.2, 1.1.1, and 3.0 (specific ranges: 1.0.2 (1.0.2–1.0.2zc), 1.1.1 (1.1.1–1.1.1m), 3.0 (3.0.0–3.0....
CVE-2019-1559
OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...
CVE-2021-3449
CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...
CVE-2018-5407
CVE-2018-5407 is a PortSmash timing-side channel vulnerability in SMT/Hyper-Threading affecting OpenSSL. Local attackers could exploit a timing leakage during cryptographic operations to gain information. Documented in multiple advisories (e.g., ALAS/ALAS2 for OpenSSL) with remediation stating to...
CVE-2021-3450
CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...
CVE-2018-20843
The CVE-2018-20843 issue affects libexpat (Expat) prior to 2.2.7, where XML inputs with many colons can cause high RAM/CPU usage and enable DoS. Related CVE-2019-15903 describes a heap-based buffer over-read when crafted XML triggers early parsing state switches. Public advisories confirm that an...
CVE-2022-23852
Expat (libexpat) contains a signed integer overflow in XML_GetBuffer when XML_CONTEXT_BYTES is nonzero (CVE-2022-23852). IV was observed in multiple advisories and bulletins; the issue can lead to arbitrary code execution or crash if exploited. A fix exists in expat 2.4.4 and later; affected dist...
CVE-2022-23990
CVE-2022-23990 affects Expat (libexpat) before 2.4.4. The issue is an integer overflow in doProlog, leading to denial of service and potential exploitation. Advisories from AlmaLinux and Amazon Linux indicate remediation via upgrading expat to a fixed version (e.g., Expats newer than 2.4.4; ALAS ...
CVE-2022-22822
CVE-2022-22822 affects Expat (libexpat) prior to 2.4.3, where addBinding in xmlparse.c can overflow an integer and enable remote code execution or other impact as described in published advisories. The vulnerability is tied to an integer overflow in xmlparse.c (addBinding), with CVSS-derived seve...
CVE-2021-45960
CVE-2021-45960 (Expat/libexpat) is corroborated by connected advisories describing a left shift (29 or more) in storeAtts() of xmlparse.c that can trigger realloc misbehavior, potentially leading to allocation errors or memory mismanagement in Expat before 2.4.3. The CVE is repeatedly listed acro...
CVE-2022-22823
CVE-2022-22823 affects Expat (libexpat) with an integer overflow in build_model() in xmlparse.c, vulnerable prior to 2.4.3. The CVE is corroborated by multiple sources (e.g., ALAS2-2022-1809, ALSA-2022-7692) and Cloud Foundry USN references, all indicating Expat pre-2.4.3 contains the overflow is...
CVE-2022-22824
CVE-2022-22824 affects Expat (libexpat) with an integer overflow in defineAttribute() within xmlparse.c for versions before 2.4.3. The issue is confirmed by connected documents listing multiple Expat CVEs (e.g., CVE-2021-46143, CVE-2022-22822–22827) and advisories referencing 2.4.3 as the fix ver...
CVE-2022-22827
CVE-2022-22827 affects Expat (libexpat) stored in xmlparse.c: storeAtts has an integer overflow in versions before 2.4.3. The vulnerability can be triggered by processing crafted XML content and, as described in the advisories, may lead to crashes or arbitrary code execution in some contexts. Aff...
CVE-2022-22825
CVE-2022-22825 refers to an integer overflow in Expat (libexpat) within xmlparse.c (lookup function) present in versions before 2.4.3. The vulnerability is a code execution/impact class due to heap memory mismanagement from the overflow, with CVSS v3.1 base score 8.8 (high) and network/remote exp...
CVE-2021-46143
CVE-2021-46143 affects libexpat (Expat) in doProlog (xmlparse.c) with an integer overflow on m_groupSize prior to 2.4.3. The linked advisories and databases confirm related Expat overflow issues (and other overflow variants such as addBinding, build_model, defineAttribute, lookup, nextScaffoldPar...
CVE-2022-22826
CVE-2022-22826 is an integer overflow in the Expat (libexpat) XML parser, specifically in nextScaffoldPart of xmlparse.c, affecting versions before 2.4.3. The initial CVE description confirms the overflow, and connected advisories/patch notes (e.g., AlmaLinux ALAS-2022-1603/7692, CESA-2022:1069) ...
CVE-2017-18214
CVE-2017-18214 affects the Moment.js Node.js module prior to 2.19.3, enabling a regular-expression denial-of-service (ReDoS) via a crafted date string. The issue is described as a separate vulnerability from CVE-2016-4055, with practical risk being CPU exhaustion leading to potential denial of se...
CVE-2016-4055
Moment.js (Node.js) is affected by CVE-2016-4055 due to a vulnerability in its regular expression handling that can enable a DoS (high CPU usage) via crafted input. Public details show the issue as a ReDoS against the moment package prior to 2.11.2, with remediation requiring upgrading to a patch...
CVE-2019-3961
CVE-2019-3961 refers to a reflected XSS in Nessus versions 8.4.0 and earlier caused by improper validation of user-supplied input. An unauthenticated, remote attacker could craft a request to cause script execution in a user’s browser session. The vulnerability is documented across multiple sourc...
CVE-2023-3251
CVE-2023-3251 concerns Tenable Nessus prior to version 10.6.0. An authenticated administrator could exploit a pass-back vulnerability to uncover stored SMTP credentials within the Nessus application. The advisory and related references indicate Nessus 10.6.0 fixes these issues (the CVE-2023-3251 ...
CVE-2023-3252
CVE-2023-3252 affects Tenable Nessus prior to 10.5.5, where an authenticated, remote attacker with administrator privileges could modify logging variables to write arbitrary files on the remote host, causing a denial of service. The vulnerability is addressed in Nessus 10.5.5 (per TNS-2023-31). R...
CVE-2023-3253
CVE-2023-3253 describes an improper authorization vulnerability in Tenable Nessus where an authenticated, low-privileged remote attacker could view a list of all users in the application. Affected product: Nessus (pre-10.6.0 releases). The issue is confirmed in multiple feeds (Red Hat, NVD, CVE l...
CVE-2023-5847
CVE-2023-5847 is evidenced in connected docs as a local privilege escalation affecting Tenable Nessus/Nessus Agent. The flaw enables a low-privileged attacker to load a crafted file during installation or upgrade, potentially escalating to SYSTEM/root by exploiting OpenSSL configuration handling ...
CVE-2019-3974
CVE-2019-3974 affects Tenable Nessus on Windows (versions 8.5.2 and earlier). The issue allows arbitrary overwriting of certain system files, potentially causing a denial-of-service condition. Root cause: file overwrite flaw in Nessus’ Windows file handling. Affected product/version per sources: ...
CVE-2023-0101
CVE-2023-0101 affects Tenable Nessus, with privilege escalation on Nessus hosts. Affected are Nessus versions 8.10.1–8.15.8 and 10.0.0–10.4.1. The vulnerability allows an authenticated attacker to execute a specially crafted file to obtain root or NT AUTHORITY/SYSTEM privileges. The CVSS vector i...
CVE-2019-3962
CVE-2019-3962 affects Tenable Nessus pre-8.5.0. An authenticated, local attacker can induce a targeted user to view a malicious URL and trigger Nessus to send fraudulent messages, allowing arbitrary text to be injected into the feed status, persisting after session expiration. Mitigation: upgrade...
CVE-2022-32973
CVE-2022-32973 affects Nessus Agent prior to 8.3.4 or 10.x prior to 10.1.4. An authenticated attacker could create a custom audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. This is documented in Nessus/TNS advisories (e.g., TNS-2022-17) and li...
CVE-2019-3982
CVE-2019-3982 affects Tenable Nessus versions 8.6.0 and earlier. The issue is a denial-of-service caused by improper validation of specific imported scan types in the Nessus scanner, which can be exploited remotely by an authenticated attacker to render the scanner temporarily unresponsive. The c...
CVE-2018-1148
Nessus before 7.1.0 is vulnerable to a session fixation flaw caused by insufficient session management. An authenticated attacker could hijack a user session after a password change by leveraging an existing session ID. The connected sources confirm the affected product (Tenable Nessus), the vuln...
CVE-2022-3499
CVE-2022-3499 affects Tenable Nessus 10.x prior to 10.4.0. An authenticated attacker could use identical agent and cluster node linking keys to cause unauthorized disclosure of agent logs and data. Tenable Nessus 10.4.0 fixes this issue (and CVE-2022-3498); remediation includes upgrading to 10.4....
CVE-2021-20099
CVE-2021-20099 affects Nessus Agent for Windows, prior to 8.2.5? (8.2.4 and earlier as described) and constitutes a local privilege escalation where an authenticated local administrator could cause specific Windows executables to run as the Nessus host. The connected sources (Red Hat, ENISA/CVE r...
CVE-2018-1147
The CVE-2018-1147 issue affects Nessus prior to 7.1.0, where improper input validation enables stored cross-site scripting (XSS). A remote authenticated attacker could craft and upload a .nessus file (or alter Advanced Settings) so that an administrator viewing it can trigger arbitrary script exe...
CVE-2021-20079
The CVE-2021-20079 entry affects Tenable Nessus versions prior to 8.14.0 (notably 8.13.2 and earlier). The vulnerability is a privilege-escalation flaw where an authenticated Nessus administrator can upload a specially crafted file to gain administrator privileges on the Nessus host. Root cause d...
CVE-2022-33757
The CVE-2022-33757 entry describes an information disclosure in Nessus where an authenticated attacker can read Nessus Debug Log file attachments via the web UI without proper privileges. Public-connected sources corroborate that this affects Nessus and its web interface, enabling disclosure of s...
CVE-2023-6178
Summary: CVE-2023-6178 is an arbitrary file write vulnerability affecting Tenable Nessus Agent upstream/remote agent when self-reported as pre-10.4.4. An authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remot...
CVE-2019-3923
Nessus (Tenable Nessus) versions 8.2.1 and earlier are affected by a stored XSS vulnerability caused by improper validation of user-supplied input. An authenticated, remote attacker could exploit this via a specially crafted request to execute arbitrary script code in a user’s browser session. Te...
CVE-2022-4313
Summary: CVE-2022-4313 relates to Tenable products where an authenticated user with Scan Policy Configuration roles could modify audit policy variables to run arbitrary commands on credentialed scan targets, potentially leading to code execution. The vulnerability is discussed across multiple fee...
CVE-2023-0524
CVE-2023-0524 concerns a privilege-escalation issue in Tenable products. The authenticated attacker could modify environment variables and, by abusing an impacted plugin, escalate privileges. Affected products mentioned across sources include Tenable Nessus, Tenable.io, and Tenable.sc. The underl...
CVE-2020-5793
CVE-2020-5793 affects Tenable Nessus (Windows) versions 8.9.0–8.12.0 and Nessus Agent 8.0.0–8.1.0. An authenticated local attacker can copy user-supplied files to a specially crafted path in a named user directory by dropping a malicious file into a system directory. The exploit requires valid Wi...
CVE-2022-32974
CVE-2022-32974 is confirmed in connected documents as affecting Tenable Nessus/ Nessus Agent prior to specific versions. An authenticated attacker could read arbitrary files from the underlying OS via a crafted compliance audit file, without SSH credentials. Exploitation details and affected vers...
CVE-2016-9260
CVE-2016-9260 is a stored cross-site scripting (XSS) vulnerability affecting Tenable Nessus prior to version 6.9. The issue arises in how Nessus handles .nessus files, allowing an authenticated, remote attacker to inject arbitrary script/HTML into a user's browser session. Public documents consis...
CVE-2021-20135
CVE-2021-20135 affects Tenable Nessus up to and including version 8.15.2. The issue is a local privilege escalation that could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has provided a fix in Nessus 10.0.0. Evidence across multiple fe...
CVE-2023-6062
CVE-2023-6062 affects Tenable Nessus. An authenticated, remote attacker with administrator privileges can modify Nessus Rules variables to write arbitrary files on the remote host, causing a denial-of-service condition. Public references (TNS-2023-39/40) describe Nessus versions affected and vend...
CVE-2025-36630
CVE-2025-36630 affects Tenable Nessus on Windows, prior to version 10.8.5. A non‑administrative user could overwrite arbitrary local system files with log content, achieving SYSTEM privilege. Root cause details are not explicitly provided in the documents; exploitation status is not detailed. The...
CVE-2021-20100
CVE-2021-20100 affects Nessus Agent for Windows (8.2.4 and earlier). The issue comprises multiple local privilege escalation vulnerabilities that could let an authenticated, local administrator run specific Windows executables as the Nessus host. This is distinct from CVE-2021-20099. The connecte...
CVE-2024-0971
CVE-2024-0971 is a SQL injection vulnerability in Tenable Nessus. The linked documents confirm that an authenticated, low-privileged remote attacker could potentially alter contents of the scan DB. Exploitation details are not provided beyond this CVE entry. A remediation path is indicated by Ten...
CVE-2017-11506
Affected software and scenario: Nessus Agent and Nessus Scanner prior to version 6.11 (6.x) when linking to Tenable.io or other manager. Root cause: during the initial outgoing connection, the manager’s TLS certificate is not verified, creating a potential MITM condition. Impact: could allow an a...
CVE-2017-2122
CVE-2017-2122 is a stored cross-site scripting vulnerability in Nessus, affecting Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2. It allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors, potentially executing arbitrary JavaScript in the logged...
CVE-2018-1141
The CVE refers to Tenable Nessus local privilege escalation when Nessus is installed outside the default directory. Affected: Nessus installations prior to version 7.0.3. Issue: installed sub-directories did not have secure permissions, enabling privilege escalation if directory permissions were ...
CVE-2017-7849
CVE-2017-7849 affects Nessus Agent 6.10.x prior to 6.10.5. The vulnerability arises from insecure permissions in agent mode, allowing an authenticated, remote attacker to trigger a DoS by causing the agent to fail to conduct scans. The issue is documented alongside a related CVE-2017-7850 local p...