Lucene search
K

37 matches found

CVE
CVE
added 2022/03/15 5:5 p.m.1353 views

CVE-2022-0778

CVE-2022-0778 describes an infinite loop in BN_mod_sqrt() when parsing certain ASN.1 elliptic-curve parameters, enabling DoS during certificate or key processing. Affected OpenSSL versions include 1.0.2, 1.1.1, and 3.0 (specific ranges: 1.0.2 (1.0.2–1.0.2zc), 1.1.1 (1.1.1–1.1.1m), 3.0 (3.0.0–3.0....

7.5CVSS7.8AI score0.70561EPSS
In wildWeb
CVE
CVE
added 2018/11/15 9:0 p.m.675 views

CVE-2018-5407

CVE-2018-5407 is a PortSmash timing-side channel vulnerability in SMT/Hyper-Threading affecting OpenSSL. Local attackers could exploit a timing leakage during cryptographic operations to gain information. Documented in multiple advisories (e.g., ALAS/ALAS2 for OpenSSL) with remediation stating to...

4.7CVSS5.6AI score0.03418EPSS
CVE
CVE
added 2019/06/24 4:6 p.m.521 views

CVE-2018-20843

The CVE-2018-20843 issue affects libexpat (Expat) prior to 2.2.7, where XML inputs with many colons can cause high RAM/CPU usage and enable DoS. Related CVE-2019-15903 describes a heap-based buffer over-read when crafted XML triggers early parsing state switches. Public advisories confirm that an...

7.8CVSS7.5AI score0.07107EPSS
CVE
CVE
added 2022/01/24 1:6 a.m.488 views

CVE-2022-23852

Expat (libexpat) contains a signed integer overflow in XML_GetBuffer when XML_CONTEXT_BYTES is nonzero (CVE-2022-23852). IV was observed in multiple advisories and bulletins; the issue can lead to arbitrary code execution or crash if exploited. A fix exists in expat 2.4.4 and later; affected dist...

9.8CVSS9.6AI score0.04525EPSS
CVE
CVE
added 2022/01/26 6:2 p.m.446 views

CVE-2022-23990

CVE-2022-23990 affects Expat (libexpat) before 2.4.4. The issue is an integer overflow in doProlog, leading to denial of service and potential exploitation. Advisories from AlmaLinux and Amazon Linux indicate remediation via upgrading expat to a fixed version (e.g., Expats newer than 2.4.4; ALAS ...

7.5CVSS8.7AI score0.03992EPSS
CVE
CVE
added 2022/01/08 2:57 a.m.413 views

CVE-2022-22822

CVE-2022-22822 affects Expat (libexpat) prior to 2.4.3, where addBinding in xmlparse.c can overflow an integer and enable remote code execution or other impact as described in published advisories. The vulnerability is tied to an integer overflow in xmlparse.c (addBinding), with CVSS-derived seve...

9.8CVSS9.5AI score0.04829EPSS
CVE
CVE
added 2022/01/01 6:47 p.m.351 views

CVE-2021-45960

CVE-2021-45960 (Expat/libexpat) is corroborated by connected advisories describing a left shift (29 or more) in storeAtts() of xmlparse.c that can trigger realloc misbehavior, potentially leading to allocation errors or memory mismanagement in Expat before 2.4.3. The CVE is repeatedly listed acro...

9CVSS9.1AI score0.042EPSS
CVE
CVE
added 2022/01/08 2:57 a.m.332 views

CVE-2022-22823

CVE-2022-22823 affects Expat (libexpat) with an integer overflow in build_model() in xmlparse.c, vulnerable prior to 2.4.3. The CVE is corroborated by multiple sources (e.g., ALAS2-2022-1809, ALSA-2022-7692) and Cloud Foundry USN references, all indicating Expat pre-2.4.3 contains the overflow is...

9.8CVSS9.5AI score0.03376EPSS
CVE
CVE
added 2022/01/08 2:56 a.m.329 views

CVE-2022-22824

CVE-2022-22824 affects Expat (libexpat) with an integer overflow in defineAttribute() within xmlparse.c for versions before 2.4.3. The issue is confirmed by connected documents listing multiple Expat CVEs (e.g., CVE-2021-46143, CVE-2022-22822–22827) and advisories referencing 2.4.3 as the fix ver...

9.8CVSS9.5AI score0.03376EPSS
CVE
CVE
added 2022/01/08 2:56 a.m.295 views

CVE-2022-22827

CVE-2022-22827 affects Expat (libexpat) stored in xmlparse.c: storeAtts has an integer overflow in versions before 2.4.3. The vulnerability can be triggered by processing crafted XML content and, as described in the advisories, may lead to crashes or arbitrary code execution in some contexts. Aff...

8.8CVSS9.2AI score0.02778EPSS
CVE
CVE
added 2022/01/08 2:56 a.m.293 views

CVE-2022-22825

CVE-2022-22825 refers to an integer overflow in Expat (libexpat) within xmlparse.c (lookup function) present in versions before 2.4.3. The vulnerability is a code execution/impact class due to heap memory mismanagement from the overflow, with CVSS v3.1 base score 8.8 (high) and network/remote exp...

8.8CVSS9.2AI score0.02614EPSS
CVE
CVE
added 2022/01/06 3:48 a.m.290 views

CVE-2021-46143

CVE-2021-46143 affects libexpat (Expat) in doProlog (xmlparse.c) with an integer overflow on m_groupSize prior to 2.4.3. The linked advisories and databases confirm related Expat overflow issues (and other overflow variants such as addBinding, build_model, defineAttribute, lookup, nextScaffoldPar...

8.1CVSS8.9AI score0.03759EPSS
CVE
CVE
added 2022/01/08 2:56 a.m.285 views

CVE-2022-22826

CVE-2022-22826 is an integer overflow in the Expat (libexpat) XML parser, specifically in nextScaffoldPart of xmlparse.c, affecting versions before 2.4.3. The initial CVE description confirms the overflow, and connected advisories/patch notes (e.g., AlmaLinux ALAS-2022-1603/7692, CESA-2022:1069) ...

8.8CVSS9.2AI score0.02778EPSS
CVE
CVE
added 2023/08/29 6:38 p.m.213 views

CVE-2023-3251

CVE-2023-3251 concerns Tenable Nessus prior to version 10.6.0. An authenticated administrator could exploit a pass-back vulnerability to uncover stored SMTP credentials within the Nessus application. The advisory and related references indicate Nessus 10.6.0 fixes these issues (the CVE-2023-3251 ...

4.9CVSS5AI score0.00458EPSS
CVE
CVE
added 2023/08/29 6:55 p.m.200 views

CVE-2023-3252

CVE-2023-3252 affects Tenable Nessus prior to 10.5.5, where an authenticated, remote attacker with administrator privileges could modify logging variables to write arbitrary files on the remote host, causing a denial of service. The vulnerability is addressed in Nessus 10.5.5 (per TNS-2023-31). R...

6.8CVSS6.4AI score0.00598EPSS
CVE
CVE
added 2023/08/29 7:8 p.m.172 views

CVE-2023-3253

CVE-2023-3253 describes an improper authorization vulnerability in Tenable Nessus where an authenticated, low-privileged remote attacker could view a list of all users in the application. Affected product: Nessus (pre-10.6.0 releases). The issue is confirmed in multiple feeds (Red Hat, NVD, CVE l...

4.3CVSS4.8AI score0.00391EPSS
CVE
CVE
added 2023/11/01 3:30 p.m.157 views

CVE-2023-5847

CVE-2023-5847 is evidenced in connected docs as a local privilege escalation affecting Tenable Nessus/Nessus Agent. The flaw enables a low-privileged attacker to load a crafted file during installation or upgrade, potentially escalating to SYSTEM/root by exploiting OpenSSL configuration handling ...

7.3CVSS7.1AI score0.00223EPSS
CVE
CVE
added 2022/06/21 2:23 p.m.112 views

CVE-2022-32973

CVE-2022-32973 affects Nessus Agent prior to 8.3.4 or 10.x prior to 10.1.4. An authenticated attacker could create a custom audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. This is documented in Nessus/TNS advisories (e.g., TNS-2022-17) and li...

9CVSS8.5AI score0.01255EPSS
CVE
CVE
added 2019/07/01 7:39 p.m.111 views

CVE-2019-3962

CVE-2019-3962 affects Tenable Nessus pre-8.5.0. An authenticated, local attacker can induce a targeted user to view a malicious URL and trigger Nessus to send fraudulent messages, allowing arbitrary text to be injected into the feed status, persisting after session expiration. Mitigation: upgrade...

4.3CVSS4.5AI score0.00954EPSS
CVE
CVE
added 2018/05/18 10:0 p.m.92 views

CVE-2018-1148

Nessus before 7.1.0 is vulnerable to a session fixation flaw caused by insufficient session management. An authenticated attacker could hijack a user session after a password change by leveraging an existing session ID. The connected sources confirm the affected product (Tenable Nessus), the vuln...

6.5CVSS6.3AI score0.00769EPSS
CVE
CVE
added 2022/10/31 12:0 a.m.91 views

CVE-2022-3499

CVE-2022-3499 affects Tenable Nessus 10.x prior to 10.4.0. An authenticated attacker could use identical agent and cluster node linking keys to cause unauthorized disclosure of agent logs and data. Tenable Nessus 10.4.0 fixes this issue (and CVE-2022-3498); remediation includes upgrading to 10.4....

6.5CVSS6.2AI score0.00775EPSS
CVE
CVE
added 2018/05/18 10:0 p.m.84 views

CVE-2018-1147

The CVE-2018-1147 issue affects Nessus prior to 7.1.0, where improper input validation enables stored cross-site scripting (XSS). A remote authenticated attacker could craft and upload a .nessus file (or alter Advanced Settings) so that an administrator viewing it can trigger arbitrary script exe...

5.4CVSS5.6AI score0.01148EPSS
CVE
CVE
added 2022/10/24 9:12 p.m.79 views

CVE-2022-33757

The CVE-2022-33757 entry describes an information disclosure in Nessus where an authenticated attacker can read Nessus Debug Log file attachments via the web UI without proper privileges. Public-connected sources corroborate that this affects Nessus and its web interface, enabling disclosure of s...

6.5CVSS6.7AI score0.00783EPSS
CVE
CVE
added 2023/11/20 8:35 p.m.76 views

CVE-2023-6178

Summary: CVE-2023-6178 is an arbitrary file write vulnerability affecting Tenable Nessus Agent upstream/remote agent when self-reported as pre-10.4.4. An authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remot...

6.8CVSS6.4AI score0.00826EPSS
CVE
CVE
added 2023/03/15 12:0 a.m.72 views

CVE-2022-4313

Summary: CVE-2022-4313 relates to Tenable products where an authenticated user with Scan Policy Configuration roles could modify audit policy variables to run arbitrary commands on credentialed scan targets, potentially leading to code execution. The vulnerability is discussed across multiple fee...

8.8CVSS8.8AI score0.01236EPSS
CVE
CVE
added 2022/06/21 2:23 p.m.69 views

CVE-2022-32974

CVE-2022-32974 is confirmed in connected documents as affecting Tenable Nessus/ Nessus Agent prior to specific versions. An authenticated attacker could read arbitrary files from the underlying OS via a crafted compliance audit file, without SSH credentials. Exploitation details and affected vers...

6.5CVSS7.1AI score0.00704EPSS
CVE
CVE
added 2025/07/01 11:11 p.m.69 views

CVE-2025-36630

CVE-2025-36630 affects Tenable Nessus on Windows, prior to version 10.8.5. A non‑administrative user could overwrite arbitrary local system files with log content, achieving SYSTEM privilege. Root cause details are not explicitly provided in the documents; exploitation status is not detailed. The...

8.4CVSS6.4AI score0.00175EPSS
CVE
CVE
added 2021/06/28 10:29 a.m.68 views

CVE-2021-20100

CVE-2021-20100 affects Nessus Agent for Windows (8.2.4 and earlier). The issue comprises multiple local privilege escalation vulnerabilities that could let an authenticated, local administrator run specific Windows executables as the Nessus host. This is distinct from CVE-2021-20099. The connecte...

6.7CVSS7AI score0.00348EPSS
CVE
CVE
added 2023/11/20 8:20 p.m.68 views

CVE-2023-6062

CVE-2023-6062 affects Tenable Nessus. An authenticated, remote attacker with administrator privileges can modify Nessus Rules variables to write arbitrary files on the remote host, causing a denial-of-service condition. Public references (TNS-2023-39/40) describe Nessus versions affected and vend...

6.8CVSS6.5AI score0.01034EPSS
CVE
CVE
added 2024/02/06 11:38 p.m.68 views

CVE-2024-0971

CVE-2024-0971 is a SQL injection vulnerability in Tenable Nessus. The linked documents confirm that an authenticated, low-privileged remote attacker could potentially alter contents of the scan DB. Exploitation details are not provided beyond this CVE entry. A remediation path is indicated by Ten...

6.5CVSS6.8AI score0.00779EPSS
CVE
CVE
added 2018/03/20 6:0 p.m.67 views

CVE-2018-1141

The CVE refers to Tenable Nessus local privilege escalation when Nessus is installed outside the default directory. Affected: Nessus installations prior to version 7.0.3. Issue: installed sub-directories did not have secure permissions, enabling privilege escalation if directory permissions were ...

7CVSS6.9AI score0.00246EPSS
CVE
CVE
added 2022/10/17 12:0 a.m.62 views

CVE-2022-28291

The CVE-2022-28291 entry describes an information-disclosure vulnerability in Tenable Nessus (Essentials and Professional). An authenticated user with debug privileges can dump the nessusd process and read Nessus policy credentials in cleartext, enabling access to credentials stored in Nessus sca...

6.5CVSS6.3AI score0.00638EPSS
CVE
CVE
added 2019/12/27 2:24 p.m.60 views

CVE-2016-1000029

Tenable Nessus before version 6.8 is affected by a stored cross-site scripting (XSS) vulnerability. The issue stems from insufficient input filtering in Nessus UI, enabling an authenticated administrator to inject script code that could affect other admins. This CVE (CVE-2016-1000029) is document...

4.8CVSS5AI score0.00858EPSS
CVE
CVE
added 2024/02/06 11:34 p.m.59 views

CVE-2024-0955

CVE-2024-0955 is a stored XSS in Tenable Nessus where an authenticated administrator could alter proxy settings, potentially causing remote script execution. Affected software: Nessus (prior to 10.7.0). Impact per sources: proxy configuration manipulation leading to remote arbitrary scripts. Miti...

4.8CVSS5.5AI score0.00561EPSS
CVE
CVE
added 2019/12/27 2:19 p.m.54 views

CVE-2016-1000028

CVE-2016-1000028 : A stored XSS in Tenable Nessus prior to 6.8 affects the Nessus UI. The issue requires authentication (admin-level access) and could potentially impact other admins. Affected software is Nessus 6.x before 6.8; root cause relates to improper input filtering in UI handling. The co...

4.8CVSS5AI score0.00858EPSS
CVE
CVE
added 2026/06/25 1:47 p.m.21 views

CVE-2026-57588

CVE-2026-57588 is a SQL injection vulnerability in Nessus. A crafted malicious scan result file, when imported by a privileged user, injects SQL into the scan results database, potentially exfiltrating scan data. The vulnerability affects Nessus in scenarios where a scan-result file is imported b...

4.6CVSS5.9AI score0.00304EPSS
CVE
CVE
added 2026/06/25 1:47 p.m.11 views

CVE-2026-57587

The CVE-2026-57587 entry describes a SQL injection in Nessus affecting the scan results database. An unauthenticated remote attacker who controls reverse DNS records for a scanned host can inject malicious SQL, potentially exfiltrating scan-result data. The connected documents specify Nessus as t...

6.3CVSS5.9AI score0.00339EPSS