11 matches found
CVE-2019-16168
CVE-2019-16168 affects SQLite up to version 3.29.0, whereLoopAddBtreeIndex in sqlite3.c may crash a browser/application due to missing validation of sqlite_stat1 sz, described as a severe division by zero in the query planner. Connected documents show multiple advisories referencing the fix in SQ...
CVE-2021-3450
CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...
CVE-2023-5847
CVE-2023-5847 is evidenced in connected docs as a local privilege escalation affecting Tenable Nessus/Nessus Agent. The flaw enables a low-privileged attacker to load a crafted file during installation or upgrade, potentially escalating to SYSTEM/root by exploiting OpenSSL configuration handling ...
CVE-2026-2026
The CVE-2026-2026 entry concerns the Nessus Agent for Windows with weak file permissions in its installation directory, allowing unauthorized access that can lead to Denial of Service. Reported CVSS metrics indicate a Local attack with Low privilege required and No user interaction, contributing ...
CVE-2020-5793
CVE-2020-5793 affects Tenable Nessus (Windows) versions 8.9.0–8.12.0 and Nessus Agent 8.0.0–8.1.0. An authenticated local attacker can copy user-supplied files to a specially crafted path in a named user directory by dropping a malicious file into a system directory. The exploit requires valid Wi...
CVE-2021-20077
CVE-2021-20077 affects Tenable Nessus Agent versions 7.2.0–8.2.2 installed on Amazon EC2. During initial linking, the agent could inadvertently capture the IAM role security token on the local host, enabling a privileged attacker to obtain the token. The commonly cited remediation is upgrading to...
CVE-2021-20117
CVE-2021-20117 affects Nessus Agent 8.3.0 and earlier. Local privilege escalation enables an authenticated, local administrator to execute certain executables on the Nessus Agent host. This entry is distinct from CVE-2021-20118. The provided documents do not specify exploitation details, affected...
CVE-2025-36631
CVE-2025-36631 affects Tenable Agent on Windows before version 10.8.5, where a non-administrative user could overwrite arbitrary local system files with content written to logs, executing with SYSTEM privileges (local privilege escalation). The issue is confirmed across multiple sources in the co...
CVE-2025-36633
CVE-2025-36633 affects Tenable Agent on Windows prior to version 10.8.5. A non-administrative user could delete local system files with SYSTEM privileges, enabling local privilege escalation. The issue is documented across multiple feeds (NVD, Red Hat, CNVD, PT Security, etc.). The remediation co...
CVE-2021-20118
CVE-2021-20118 concerns Nessus Agent 8.3.0 and earlier, where an authenticated local administrator could cause a local privilege escalation by running certain executables on the Nessus Agent host. The connection between CVE-2021-20118 and CVE-2021-20117 is noted in sources; the exact root cause d...
CVE-2025-36632
CVE-2025-36632 affects Tenable Agent on Windows prior to 10.8.5, where a non-administrative user can execute code with SYSTEM privileges. The vulnerability is documented across multiple sources (including Red Hat, NVD, CNVD) as a local privilege escalation in Tenable Agent; Tenable has released v...