Filtered by vendor Tenable
Subscriptions
Total
141 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-20077 | 1 Tenable | 1 Nessus Agent | 2024-08-03 | 6.7 Medium |
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. | ||||
CVE-2021-20100 | 2 Microsoft, Tenable | 2 Windows, Nessus | 2024-08-03 | 6.7 Medium |
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099. | ||||
CVE-2021-20135 | 1 Tenable | 1 Nessus | 2024-08-03 | 6.7 Medium |
Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus). | ||||
CVE-2021-20118 | 1 Tenable | 1 Nessus Agent | 2024-08-03 | 6.7 Medium |
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117. | ||||
CVE-2021-20106 | 1 Tenable | 1 Nessus | 2024-08-03 | 6.5 Medium |
Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. | ||||
CVE-2021-20099 | 2 Microsoft, Tenable | 2 Windows, Nessus | 2024-08-03 | 6.7 Medium |
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100. | ||||
CVE-2021-20079 | 1 Tenable | 1 Nessus | 2024-08-03 | 6.7 Medium |
Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. | ||||
CVE-2021-20076 | 1 Tenable | 1 Tenable.sc | 2024-08-03 | 8.8 High |
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization. | ||||
CVE-2022-33757 | 1 Tenable | 1 Nessus | 2024-08-03 | 6.5 Medium |
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance. | ||||
CVE-2022-32973 | 1 Tenable | 1 Nessus | 2024-08-03 | 8.8 High |
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. | ||||
CVE-2022-32974 | 1 Tenable | 1 Nessus | 2024-08-03 | 6.5 Medium |
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials. | ||||
CVE-2022-28291 | 1 Tenable | 1 Nessus | 2024-08-03 | 6.5 Medium |
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets. | ||||
CVE-2022-24828 | 3 Fedoraproject, Getcomposer, Tenable | 3 Fedora, Composer, Tenable.sc | 2024-08-03 | 8.3 High |
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report. | ||||
CVE-2022-24785 | 6 Debian, Fedoraproject, Momentjs and 3 more | 15 Debian Linux, Fedora, Moment and 12 more | 2024-08-03 | 7.5 High |
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js. | ||||
CVE-2022-23990 | 7 Debian, Fedoraproject, Libexpat Project and 4 more | 8 Debian Linux, Fedora, Libexpat and 5 more | 2024-08-03 | 7.5 High |
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | ||||
CVE-2022-23852 | 7 Debian, Libexpat Project, Netapp and 4 more | 10 Debian Linux, Libexpat, Clustered Data Ontap and 7 more | 2024-08-03 | 9.8 Critical |
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | ||||
CVE-2022-22825 | 5 Debian, Libexpat Project, Redhat and 2 more | 6 Debian Linux, Libexpat, Enterprise Linux and 3 more | 2024-08-03 | 8.8 High |
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||||
CVE-2022-22827 | 5 Debian, Libexpat Project, Redhat and 2 more | 6 Debian Linux, Libexpat, Enterprise Linux and 3 more | 2024-08-03 | 8.8 High |
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||||
CVE-2022-22824 | 5 Debian, Libexpat Project, Redhat and 2 more | 6 Debian Linux, Libexpat, Enterprise Linux and 3 more | 2024-08-03 | 9.8 Critical |
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||||
CVE-2022-22826 | 5 Debian, Libexpat Project, Redhat and 2 more | 6 Debian Linux, Libexpat, Enterprise Linux and 3 more | 2024-08-03 | 8.8 High |
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |