Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nessus
(Tenable)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 64 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-01-10 | CVE-2022-22824 | defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | Debian_linux, Libexpat, Sinema_remote_connect_server, Nessus | 9.8 | ||
| 2022-01-10 | CVE-2022-22823 | build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | Debian_linux, Libexpat, Sinema_remote_connect_server, Nessus | 9.8 | ||
| 2022-01-10 | CVE-2022-22825 | lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | Debian_linux, Libexpat, Sinema_remote_connect_server, Nessus | 8.8 | ||
| 2022-01-10 | CVE-2022-22826 | nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | Debian_linux, Libexpat, Sinema_remote_connect_server, Nessus | 8.8 | ||
| 2022-01-10 | CVE-2022-22827 | storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | Debian_linux, Libexpat, Sinema_remote_connect_server, Nessus | 8.8 | ||
| 2022-01-24 | CVE-2022-23852 | Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | Debian_linux, Libexpat, Clustered_data_ontap, Oncommand_workflow_automation, Communications_metasolv_solution, Sinema_remote_connect_server, Nessus | 9.8 | ||
| 2022-01-26 | CVE-2022-23990 | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | Debian_linux, Fedora, Libexpat, Communications_metasolv_solution, Sinema_remote_connect_server, Nessus | 7.5 | ||
| 2022-03-15 | CVE-2022-0778 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to... | Debian_linux, Fedora, Mariadb, 500f_firmware, A250_firmware, Cloud_volumes_ontap_mediator, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Santricity_smi\-S_provider, Storagegrid, Node\.js, Openssl, Nessus | 7.5 | ||
| 2022-06-21 | CVE-2022-32973 | An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. | Nessus | 8.8 | ||
| 2022-06-21 | CVE-2022-32974 | An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials. | Nessus | 6.5 |