CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-3450 – CA certificate check bypass with X509_V_FLAG_X509_STRICT
https://notcve.org/view.php?id=CVE-2021-3450
25 Mar 2021 — The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectivel... • http://www.openwall.com/lists/oss-security/2021/03/27/1 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-5793
https://notcve.org/view.php?id=CVE-2020-5793
05 Nov 2020 — A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability. Una vulnerabilidad en Nessus versiones 8.9.0 a 8.... • https://www.tenable.com/security/tns-2020-07 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5774
https://notcve.org/view.php?id=CVE-2020-5774
21 Aug 2020 — Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session. Se detectó que Nessus versiones 8.11.0 y anteriores, mantenía sesiones más largas que el período permitido en determinados escenarios. La falta de una expiración apropiada de la sesión podría permitir a atacantes con acceso local iniciar sesión en una sesión de navegad... • https://www.tenable.com/security/tns-2020-06 • CWE-613: Insufficient Session Expiration •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5765
https://notcve.org/view.php?id=CVE-2020-5765
15 Jul 2020 — Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional input validation mechanisms to correct this issue in Nessus 8.11.0. Se encontró que Nessus versiones 8.10.0 y anteriores, contenían una vulnerabilidad de tipo XSS almacenada debido a una comprobación inapropiada d... • https://www.tenable.com/security/tns-2020-05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 5%CPEs: 19EXPL: 1CVE-2018-20843 – expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
https://notcve.org/view.php?id=CVE-2018-20843
24 Jun 2019 — In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). En libexpat en Expat anterior a versión 2.2.7, una entrada XML incluyendo nombres XML que contienen una gran cantidad de "dos puntos", podría hacer que el analizador XML consuma una gran cantidad de recursos de RAM y CPU durante el procesamiento (lo suficiente como ... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html • CWE-400: Uncontrolled Resource Consumption CWE-611: Improper Restriction of XML External Entity Reference •