11 results (0.008 seconds)

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI. • https://www.tenable.com/security/tns-2024-17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection. Bajo ciertas condiciones, se descubrió que Nessus Network Monitor no aplicaba adecuadamente la validación de entrada. Esto podría permitir a un usuario administrador modificar parámetros que potencialmente podrían permitir una inyección blindSQL. • https://www.tenable.com/security/tns-2023-34 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location NNM no pudo configurar correctamente las ACL en su directorio de instalación, lo que podría permitir a un usuario con pocos privilegios ejecutar código arbitrario con privilegios de SYSTEM cuando NNM está instalado en una ubicación no estándar. • https://www.tenable.com/security/tns-2023-34 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-276: Incorrect Default Permissions •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file. Bajo ciertas condiciones, Nessus Network Monitor podría permitir que un usuario con pocos privilegios escale privilegios a NT AUTHORITY\SYSTEM en hosts de Windows reemplazando un archivo especialmente manipulado. This vulnerability allows local attackers to escalate privileges on affected installations of Tenable Nessus Network Monitor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The process loads an OpenSSL configuration file from an unsecured location. • https://www.tenable.com/security/tns-2023-34 • CWE-269: Improper Privilege Management •

CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. • http://www.openwall.com/lists/oss-security/2021/08/26/2 https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12 https://kc.mcafee.com/corporate/index?page=content&id=SB10366 https://lists.apache.org/thread.html/r18995de860f0e63635f3008f • CWE-125: Out-of-bounds Read •