37 matches found
CVE-2022-0778
CVE-2022-0778 describes an infinite loop in BN_mod_sqrt() when parsing certain ASN.1 elliptic-curve parameters, enabling DoS during certificate or key processing. Affected OpenSSL versions include 1.0.2, 1.1.1, and 3.0 (specific ranges: 1.0.2 (1.0.2–1.0.2zc), 1.1.1 (1.1.1–1.1.1m), 3.0 (3.0.0–3.0....
CVE-2018-5407
CVE-2018-5407 is a PortSmash timing-side channel vulnerability in SMT/Hyper-Threading affecting OpenSSL. Local attackers could exploit a timing leakage during cryptographic operations to gain information. Documented in multiple advisories (e.g., ALAS/ALAS2 for OpenSSL) with remediation stating to...
CVE-2018-20843
The CVE-2018-20843 issue affects libexpat (Expat) prior to 2.2.7, where XML inputs with many colons can cause high RAM/CPU usage and enable DoS. Related CVE-2019-15903 describes a heap-based buffer over-read when crafted XML triggers early parsing state switches. Public advisories confirm that an...
CVE-2022-23852
Expat (libexpat) contains a signed integer overflow in XML_GetBuffer when XML_CONTEXT_BYTES is nonzero (CVE-2022-23852). IV was observed in multiple advisories and bulletins; the issue can lead to arbitrary code execution or crash if exploited. A fix exists in expat 2.4.4 and later; affected dist...
CVE-2022-23990
CVE-2022-23990 affects Expat (libexpat) before 2.4.4. The issue is an integer overflow in doProlog, leading to denial of service and potential exploitation. Advisories from AlmaLinux and Amazon Linux indicate remediation via upgrading expat to a fixed version (e.g., Expats newer than 2.4.4; ALAS ...
CVE-2022-22822
CVE-2022-22822 affects Expat (libexpat) prior to 2.4.3, where addBinding in xmlparse.c can overflow an integer and enable remote code execution or other impact as described in published advisories. The vulnerability is tied to an integer overflow in xmlparse.c (addBinding), with CVSS-derived seve...
CVE-2021-45960
CVE-2021-45960 (Expat/libexpat) is corroborated by connected advisories describing a left shift (29 or more) in storeAtts() of xmlparse.c that can trigger realloc misbehavior, potentially leading to allocation errors or memory mismanagement in Expat before 2.4.3. The CVE is repeatedly listed acro...
CVE-2022-22823
CVE-2022-22823 affects Expat (libexpat) with an integer overflow in build_model() in xmlparse.c, vulnerable prior to 2.4.3. The CVE is corroborated by multiple sources (e.g., ALAS2-2022-1809, ALSA-2022-7692) and Cloud Foundry USN references, all indicating Expat pre-2.4.3 contains the overflow is...
CVE-2022-22824
CVE-2022-22824 affects Expat (libexpat) with an integer overflow in defineAttribute() within xmlparse.c for versions before 2.4.3. The issue is confirmed by connected documents listing multiple Expat CVEs (e.g., CVE-2021-46143, CVE-2022-22822–22827) and advisories referencing 2.4.3 as the fix ver...
CVE-2022-22827
CVE-2022-22827 affects Expat (libexpat) stored in xmlparse.c: storeAtts has an integer overflow in versions before 2.4.3. The vulnerability can be triggered by processing crafted XML content and, as described in the advisories, may lead to crashes or arbitrary code execution in some contexts. Aff...
CVE-2022-22825
CVE-2022-22825 refers to an integer overflow in Expat (libexpat) within xmlparse.c (lookup function) present in versions before 2.4.3. The vulnerability is a code execution/impact class due to heap memory mismanagement from the overflow, with CVSS v3.1 base score 8.8 (high) and network/remote exp...
CVE-2021-46143
CVE-2021-46143 affects libexpat (Expat) in doProlog (xmlparse.c) with an integer overflow on m_groupSize prior to 2.4.3. The linked advisories and databases confirm related Expat overflow issues (and other overflow variants such as addBinding, build_model, defineAttribute, lookup, nextScaffoldPar...
CVE-2022-22826
CVE-2022-22826 is an integer overflow in the Expat (libexpat) XML parser, specifically in nextScaffoldPart of xmlparse.c, affecting versions before 2.4.3. The initial CVE description confirms the overflow, and connected advisories/patch notes (e.g., AlmaLinux ALAS-2022-1603/7692, CESA-2022:1069) ...
CVE-2023-3251
CVE-2023-3251 concerns Tenable Nessus prior to version 10.6.0. An authenticated administrator could exploit a pass-back vulnerability to uncover stored SMTP credentials within the Nessus application. The advisory and related references indicate Nessus 10.6.0 fixes these issues (the CVE-2023-3251 ...
CVE-2023-3252
CVE-2023-3252 affects Tenable Nessus prior to 10.5.5, where an authenticated, remote attacker with administrator privileges could modify logging variables to write arbitrary files on the remote host, causing a denial of service. The vulnerability is addressed in Nessus 10.5.5 (per TNS-2023-31). R...
CVE-2023-3253
CVE-2023-3253 describes an improper authorization vulnerability in Tenable Nessus where an authenticated, low-privileged remote attacker could view a list of all users in the application. Affected product: Nessus (pre-10.6.0 releases). The issue is confirmed in multiple feeds (Red Hat, NVD, CVE l...
CVE-2023-5847
CVE-2023-5847 is evidenced in connected docs as a local privilege escalation affecting Tenable Nessus/Nessus Agent. The flaw enables a low-privileged attacker to load a crafted file during installation or upgrade, potentially escalating to SYSTEM/root by exploiting OpenSSL configuration handling ...
CVE-2022-32973
CVE-2022-32973 affects Nessus Agent prior to 8.3.4 or 10.x prior to 10.1.4. An authenticated attacker could create a custom audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. This is documented in Nessus/TNS advisories (e.g., TNS-2022-17) and li...
CVE-2019-3962
CVE-2019-3962 affects Tenable Nessus pre-8.5.0. An authenticated, local attacker can induce a targeted user to view a malicious URL and trigger Nessus to send fraudulent messages, allowing arbitrary text to be injected into the feed status, persisting after session expiration. Mitigation: upgrade...
CVE-2018-1148
Nessus before 7.1.0 is vulnerable to a session fixation flaw caused by insufficient session management. An authenticated attacker could hijack a user session after a password change by leveraging an existing session ID. The connected sources confirm the affected product (Tenable Nessus), the vuln...
CVE-2022-3499
CVE-2022-3499 affects Tenable Nessus 10.x prior to 10.4.0. An authenticated attacker could use identical agent and cluster node linking keys to cause unauthorized disclosure of agent logs and data. Tenable Nessus 10.4.0 fixes this issue (and CVE-2022-3498); remediation includes upgrading to 10.4....
CVE-2018-1147
The CVE-2018-1147 issue affects Nessus prior to 7.1.0, where improper input validation enables stored cross-site scripting (XSS). A remote authenticated attacker could craft and upload a .nessus file (or alter Advanced Settings) so that an administrator viewing it can trigger arbitrary script exe...
CVE-2022-33757
The CVE-2022-33757 entry describes an information disclosure in Nessus where an authenticated attacker can read Nessus Debug Log file attachments via the web UI without proper privileges. Public-connected sources corroborate that this affects Nessus and its web interface, enabling disclosure of s...
CVE-2023-6178
Summary: CVE-2023-6178 is an arbitrary file write vulnerability affecting Tenable Nessus Agent upstream/remote agent when self-reported as pre-10.4.4. An authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remot...
CVE-2022-4313
Summary: CVE-2022-4313 relates to Tenable products where an authenticated user with Scan Policy Configuration roles could modify audit policy variables to run arbitrary commands on credentialed scan targets, potentially leading to code execution. The vulnerability is discussed across multiple fee...
CVE-2022-32974
CVE-2022-32974 is confirmed in connected documents as affecting Tenable Nessus/ Nessus Agent prior to specific versions. An authenticated attacker could read arbitrary files from the underlying OS via a crafted compliance audit file, without SSH credentials. Exploitation details and affected vers...
CVE-2025-36630
CVE-2025-36630 affects Tenable Nessus on Windows, prior to version 10.8.5. A non‑administrative user could overwrite arbitrary local system files with log content, achieving SYSTEM privilege. Root cause details are not explicitly provided in the documents; exploitation status is not detailed. The...
CVE-2021-20100
CVE-2021-20100 affects Nessus Agent for Windows (8.2.4 and earlier). The issue comprises multiple local privilege escalation vulnerabilities that could let an authenticated, local administrator run specific Windows executables as the Nessus host. This is distinct from CVE-2021-20099. The connecte...
CVE-2023-6062
CVE-2023-6062 affects Tenable Nessus. An authenticated, remote attacker with administrator privileges can modify Nessus Rules variables to write arbitrary files on the remote host, causing a denial-of-service condition. Public references (TNS-2023-39/40) describe Nessus versions affected and vend...
CVE-2024-0971
CVE-2024-0971 is a SQL injection vulnerability in Tenable Nessus. The linked documents confirm that an authenticated, low-privileged remote attacker could potentially alter contents of the scan DB. Exploitation details are not provided beyond this CVE entry. A remediation path is indicated by Ten...
CVE-2018-1141
The CVE refers to Tenable Nessus local privilege escalation when Nessus is installed outside the default directory. Affected: Nessus installations prior to version 7.0.3. Issue: installed sub-directories did not have secure permissions, enabling privilege escalation if directory permissions were ...
CVE-2022-28291
The CVE-2022-28291 entry describes an information-disclosure vulnerability in Tenable Nessus (Essentials and Professional). An authenticated user with debug privileges can dump the nessusd process and read Nessus policy credentials in cleartext, enabling access to credentials stored in Nessus sca...
CVE-2016-1000029
Tenable Nessus before version 6.8 is affected by a stored cross-site scripting (XSS) vulnerability. The issue stems from insufficient input filtering in Nessus UI, enabling an authenticated administrator to inject script code that could affect other admins. This CVE (CVE-2016-1000029) is document...
CVE-2024-0955
CVE-2024-0955 is a stored XSS in Tenable Nessus where an authenticated administrator could alter proxy settings, potentially causing remote script execution. Affected software: Nessus (prior to 10.7.0). Impact per sources: proxy configuration manipulation leading to remote arbitrary scripts. Miti...
CVE-2016-1000028
CVE-2016-1000028 : A stored XSS in Tenable Nessus prior to 6.8 affects the Nessus UI. The issue requires authentication (admin-level access) and could potentially impact other admins. Affected software is Nessus 6.x before 6.8; root cause relates to improper input filtering in UI handling. The co...
CVE-2026-57588
CVE-2026-57588 is a SQL injection vulnerability in Nessus. A crafted malicious scan result file, when imported by a privileged user, injects SQL into the scan results database, potentially exfiltrating scan data. The vulnerability affects Nessus in scenarios where a scan-result file is imported b...
CVE-2026-57587
The CVE-2026-57587 entry describes a SQL injection in Nessus affecting the scan results database. An unauthenticated remote attacker who controls reverse DNS records for a scanned host can inject malicious SQL, potentially exfiltrating scan-result data. The connected documents specify Nessus as t...