CVE-2023-0101
- EPSS 0.82%
- Veröffentlicht 20.01.2023 19:15:17
- Zuletzt bearbeitet 02.04.2025 15:15:50
A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on...
CVE-2022-3499
- EPSS 0.78%
- Veröffentlicht 31.10.2022 20:15:12
- Zuletzt bearbeitet 05.05.2025 15:15:48
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.
CVE-2022-33757
- EPSS 0.78%
- Veröffentlicht 25.10.2022 17:15:53
- Zuletzt bearbeitet 07.05.2025 14:15:31
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties ab...
CVE-2022-28291
- EPSS 0.64%
- Veröffentlicht 17.10.2022 16:15:20
- Zuletzt bearbeitet 13.05.2025 20:15:21
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials a...
CVE-2022-32974
- EPSS 0.7%
- Veröffentlicht 21.06.2022 15:15:09
- Zuletzt bearbeitet 21.11.2024 07:07:20
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
- EPSS 1.26%
- Veröffentlicht 21.06.2022 15:15:09
- Zuletzt bearbeitet 21.11.2024 07:07:20
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
CVE-2022-0778
- EPSS 70.56%
- Veröffentlicht 15.03.2022 17:15:08
- Zuletzt bearbeitet 14.04.2026 10:16:21
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed ...
CVE-2022-23990
- EPSS 3.99%
- Veröffentlicht 26.01.2022 19:15:08
- Zuletzt bearbeitet 05.05.2025 17:17:59
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVE-2022-23852
- EPSS 4.53%
- Veröffentlicht 24.01.2022 02:15:06
- Zuletzt bearbeitet 05.05.2025 17:17:58
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
CVE-2022-22827
- EPSS 2.78%
- Veröffentlicht 10.01.2022 14:12:57
- Zuletzt bearbeitet 05.05.2025 17:17:53
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.