Filtered by vendor Tenable Subscriptions
Total 145 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-0524 1 Tenable 3 Nessus, Tenable.io, Tenable.sc 2024-11-21 8.8 High
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055.
CVE-2023-0476 1 Tenable 1 Tenable.sc 2024-11-21 6.5 Medium
A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection.
CVE-2023-0101 1 Tenable 1 Nessus 2024-11-21 8.8 High
A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host.
CVE-2022-4313 1 Tenable 2 Nessus, Plugin Feed 2024-11-21 8.8 High
A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.
CVE-2022-3499 1 Tenable 1 Nessus 2024-11-21 6.5 Medium
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.
CVE-2022-33757 1 Tenable 1 Nessus 2024-11-21 6.5 Medium
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.
CVE-2022-32974 1 Tenable 1 Nessus 2024-11-21 6.5 Medium
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
CVE-2022-32973 1 Tenable 1 Nessus 2024-11-21 8.8 High
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
CVE-2022-28291 1 Tenable 1 Nessus 2024-11-21 6.5 Medium
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets.
CVE-2022-24828 3 Fedoraproject, Getcomposer, Tenable 3 Fedora, Composer, Tenable.sc 2024-11-21 8.3 High
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report.
CVE-2022-24785 6 Debian, Fedoraproject, Momentjs and 3 more 15 Debian Linux, Fedora, Moment and 12 more 2024-11-21 7.5 High
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
CVE-2022-23990 7 Debian, Fedoraproject, Libexpat Project and 4 more 8 Debian Linux, Fedora, Libexpat and 5 more 2024-11-21 7.5 High
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVE-2022-23852 7 Debian, Libexpat Project, Netapp and 4 more 10 Debian Linux, Libexpat, Clustered Data Ontap and 7 more 2024-11-21 9.8 Critical
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
CVE-2022-22827 5 Debian, Libexpat Project, Redhat and 2 more 6 Debian Linux, Libexpat, Enterprise Linux and 3 more 2024-11-21 8.8 High
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22826 5 Debian, Libexpat Project, Redhat and 2 more 6 Debian Linux, Libexpat, Enterprise Linux and 3 more 2024-11-21 8.8 High
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22825 5 Debian, Libexpat Project, Redhat and 2 more 6 Debian Linux, Libexpat, Enterprise Linux and 3 more 2024-11-21 8.8 High
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22824 5 Debian, Libexpat Project, Redhat and 2 more 6 Debian Linux, Libexpat, Enterprise Linux and 3 more 2024-11-21 9.8 Critical
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22823 5 Debian, Libexpat Project, Redhat and 2 more 6 Debian Linux, Libexpat, Enterprise Linux and 3 more 2024-11-21 9.8 Critical
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22822 5 Debian, Libexpat Project, Redhat and 2 more 6 Debian Linux, Libexpat, Enterprise Linux and 3 more 2024-11-21 9.8 Critical
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-0778 8 Debian, Fedoraproject, Mariadb and 5 more 25 Debian Linux, Fedora, Mariadb and 22 more 2024-11-21 7.5 High
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).