14 matches found
CVE-2021-23841
CVE-2021-23841 is described in connected advisories as a NULL pointer dereference in OpenSSL’s X509_issuer_and_serial_hash() when parsing the issuer field. This can crash a process if certificates from untrusted sources are processed and the issuer parsing fails, enabling a potential denial of se...
CVE-2020-1971
CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...
CVE-2021-3449
CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...
CVE-2021-23840
CVE-2021-23840 describes an integer-length overflow in EVP_CipherUpdate, EVP_EncryptUpdate, and EVP_DecryptUpdate that can cause a negative output length value when input length is near the platform’s integer limit. This can lead to application crashes or incorrect behavior. Affected OpenSSL rele...
CVE-2021-3711
CVE-2021-3711 involves a bug in OpenSSL SM2 decryption: the buffer-size calculation during EVP_PKEY_decrypt() first call can under-allocate, enabling a later second call with a too-small buffer and causing a buffer overflow (up to 62 bytes). The issue affects OpenSSL 1.1.1 up to 1.1.1k and is fix...
CVE-2021-3712
The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...
CVE-2021-3450
CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...
CVE-2024-9158
CVE-2024-9158 is a stored cross-site scripting vulnerability in Nessus Network Monitor (NNM). The available connected sources confirm: an authenticated, privileged local attacker can inject arbitrary code into the NNM UI via the local CLI. Affected software is Nessus Network Monitor prior to vers...
CVE-2025-24916
CVE-2025-24916 affects Tenable Network Monitor prior to version 6.5.1 on Windows. The root cause is improper permission enforcement for sub-directories when the product is installed to a non-default location, creating a path for local privilege escalation if directory security is not properly con...
CVE-2020-5794
CVE-2020-5794 – Nessus Network Monitor (Windows) affects versions 5.11.0, 5.11.1, and 5.12.0. Externally authenticated by a valid Windows user, an attacker could execute arbitrary code by copying user-supplied files to a specially constructed path within a named user directory. The provided docum...
CVE-2023-5622
CVE-2023-5622 affects Tenable Nessus Network Monitor. The issue allows a low-privilege user to escalate to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file, under conditions described by CVE-2023-5622. Documents indicate the vulnerability is in Nessus Network Monitor pri...
CVE-2023-5624
CVE-2023-5624 is tied to Nessus Network Monitor before 6.3.0, where insufficient input validation could let an admin modify parameters and potentially enable a blind SQL injection. Affected component is Nessus Network Monitor; underlying issue and impact are described in the TNS-2023-34 advisory ...
CVE-2025-24917
CVE-2025-24917 affects Tenable Network Monitor prior to version 6.5.1 on Windows. A non-administrative user can stage files in a local directory to execute arbitrary code with SYSTEM privileges, enabling local privilege escalation. The issue is documented in multiple sources (including Tenable TN...
CVE-2023-5623
CVE-2023-5623 affects Tenable Nessus Network Monitor (NNM). The issue is that NNM could fail to correctly set ACLs on its installation directory, enabling a low-privileged user to execute arbitrary code with SYSTEM privileges when NNM is installed to a non-standard location. The connected Nessus-...