Lucene search
K
TenableNessus Network Monitor

14 matches found

CVE
CVE
added 2021/02/16 4:55 p.m.2011 views

CVE-2021-23841

CVE-2021-23841 is described in connected advisories as a NULL pointer dereference in OpenSSL’s X509_issuer_and_serial_hash() when parsing the issuer field. This can crash a process if certificates from untrusted sources are processed and the issuer parsing fails, enabling a potential denial of se...

5.9CVSS7AI score0.07471EPSS
CVE
CVE
added 2020/12/08 3:30 p.m.1193 views

CVE-2020-1971

CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...

5.9CVSS5.7AI score0.06968EPSS
CVE
CVE
added 2021/03/25 2:25 p.m.813 views

CVE-2021-3449

CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...

5.9CVSS6.7AI score0.62906EPSS
CVE
CVE
added 2021/02/16 4:55 p.m.804 views

CVE-2021-23840

CVE-2021-23840 describes an integer-length overflow in EVP_CipherUpdate, EVP_EncryptUpdate, and EVP_DecryptUpdate that can cause a negative output length value when input length is near the platform’s integer limit. This can lead to application crashes or incorrect behavior. Affected OpenSSL rele...

7.5CVSS8AI score0.50732EPSS
CVE
CVE
added 2021/08/24 2:50 p.m.766 views

CVE-2021-3711

CVE-2021-3711 involves a bug in OpenSSL SM2 decryption: the buffer-size calculation during EVP_PKEY_decrypt() first call can under-allocate, enabling a later second call with a too-small buffer and causing a buffer overflow (up to 62 bytes). The issue affects OpenSSL 1.1.1 up to 1.1.1k and is fix...

9.8CVSS9.9AI score0.87816EPSS
CVE
CVE
added 2021/08/24 2:50 p.m.710 views

CVE-2021-3712

The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...

7.4CVSS8AI score0.50445EPSS
CVE
CVE
added 2021/03/25 2:25 p.m.564 views

CVE-2021-3450

CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...

7.4CVSS7.6AI score0.18339EPSS
CVE
CVE
added 2024/09/30 4:24 p.m.69 views

CVE-2024-9158

CVE-2024-9158 is a stored cross-site scripting vulnerability in Nessus Network Monitor (NNM). The available connected sources confirm: an authenticated, privileged local attacker can inject arbitrary code into the NNM UI via the local CLI. Affected software is Nessus Network Monitor prior to vers...

8.4CVSS6AI score0.00308EPSS
CVE
CVE
added 2025/05/23 3:46 p.m.59 views

CVE-2025-24916

CVE-2025-24916 affects Tenable Network Monitor prior to version 6.5.1 on Windows. The root cause is improper permission enforcement for sub-directories when the product is installed to a non-default location, creating a path for local privilege escalation if directory security is not properly con...

7.8CVSS7AI score0.0014EPSS
CVE
CVE
added 2020/11/06 4:12 p.m.57 views

CVE-2020-5794

CVE-2020-5794 – Nessus Network Monitor (Windows) affects versions 5.11.0, 5.11.1, and 5.12.0. Externally authenticated by a valid Windows user, an attacker could execute arbitrary code by copying user-supplied files to a specially constructed path within a named user directory. The provided docum...

7.8CVSS7.7AI score0.00356EPSS
CVE
CVE
added 2023/10/26 4:18 p.m.57 views

CVE-2023-5622

CVE-2023-5622 affects Tenable Nessus Network Monitor. The issue allows a low-privilege user to escalate to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file, under conditions described by CVE-2023-5622. Documents indicate the vulnerability is in Nessus Network Monitor pri...

8.8CVSS7.7AI score0.00471EPSS
CVE
CVE
added 2023/10/26 4:36 p.m.52 views

CVE-2023-5624

CVE-2023-5624 is tied to Nessus Network Monitor before 6.3.0, where insufficient input validation could let an admin modify parameters and potentially enable a blind SQL injection. Affected component is Nessus Network Monitor; underlying issue and impact are described in the TNS-2023-34 advisory ...

7.2CVSS7AI score0.00484EPSS
CVE
CVE
added 2025/05/23 3:59 p.m.50 views

CVE-2025-24917

CVE-2025-24917 affects Tenable Network Monitor prior to version 6.5.1 on Windows. A non-administrative user can stage files in a local directory to execute arbitrary code with SYSTEM privileges, enabling local privilege escalation. The issue is documented in multiple sources (including Tenable TN...

7.8CVSS7.6AI score0.00152EPSS
CVE
CVE
added 2023/10/26 4:25 p.m.46 views

CVE-2023-5623

CVE-2023-5623 affects Tenable Nessus Network Monitor (NNM). The issue is that NNM could fail to correctly set ACLs on its installation directory, enabling a low-privileged user to execute arbitrary code with SYSTEM privileges when NNM is installed to a non-standard location. The connected Nessus-...

7.8CVSS7.4AI score0.00151EPSS