8 matches found
CVE-2020-1971
CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...
CVE-2021-3712
The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...
CVE-2024-9158
CVE-2024-9158 is a stored cross-site scripting vulnerability in Nessus Network Monitor (NNM). The available connected sources confirm: an authenticated, privileged local attacker can inject arbitrary code into the NNM UI via the local CLI. Affected software is Nessus Network Monitor prior to vers...
CVE-2025-24916
CVE-2025-24916 affects Tenable Network Monitor prior to version 6.5.1 on Windows. The root cause is improper permission enforcement for sub-directories when the product is installed to a non-default location, creating a path for local privilege escalation if directory security is not properly con...
CVE-2023-5622
CVE-2023-5622 affects Tenable Nessus Network Monitor. The issue allows a low-privilege user to escalate to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file, under conditions described by CVE-2023-5622. Documents indicate the vulnerability is in Nessus Network Monitor pri...
CVE-2023-5624
CVE-2023-5624 is tied to Nessus Network Monitor before 6.3.0, where insufficient input validation could let an admin modify parameters and potentially enable a blind SQL injection. Affected component is Nessus Network Monitor; underlying issue and impact are described in the TNS-2023-34 advisory ...
CVE-2025-24917
CVE-2025-24917 affects Tenable Network Monitor prior to version 6.5.1 on Windows. A non-administrative user can stage files in a local directory to execute arbitrary code with SYSTEM privileges, enabling local privilege escalation. The issue is documented in multiple sources (including Tenable TN...
CVE-2023-5623
CVE-2023-5623 affects Tenable Nessus Network Monitor (NNM). The issue is that NNM could fail to correctly set ACLs on its installation directory, enabling a low-privileged user to execute arbitrary code with SYSTEM privileges when NNM is installed to a non-standard location. The connected Nessus-...