CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20117
https://notcve.org/view.php?id=CVE-2021-20117
09 Sep 2021 — Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118. Se ha encontrado que Nessus Agent versiones 8.3.0 y anteriores, contienen una vulnerabilidad de escalada de privilegios local que podría permitir a un administrador local autenticado ejecutar determinados ejecutables en el host de Nessus Agent. Esto es diferente de CV... • https://www.tenable.com/security/tns-2021-15 •
CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-3712 – Read buffer overruns processing ASN.1 strings
https://notcve.org/view.php?id=CVE-2021-3712
24 Aug 2021 — ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set... • http://www.openwall.com/lists/oss-security/2021/08/26/2 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 42EXPL: 0CVE-2021-3711 – SM2 Decryption Buffer Overflow
https://notcve.org/view.php?id=CVE-2021-3711
24 Aug 2021 — In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the ... • http://www.openwall.com/lists/oss-security/2021/08/26/2 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20106
https://notcve.org/view.php?id=CVE-2021-20106
21 Jul 2021 — Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. Nessus Agent versiones 8.2.5 y anteriores, se ha detectado que contienen una vulnerabilidad de escalada de privilegios que podría permitir a un usuario administrador de Nessus cargar un archivo especialmente diseñado que podría conllevar a alcanzar privilegios... • https://www.tenable.com/security/tns-2021-13 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20079
https://notcve.org/view.php?id=CVE-2021-20079
29 Jun 2021 — Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. Nessus versiones 8.13.2 y anteriores, se detectó que contienen una vulnerabilidad de escalada de privilegios que podría permitir a un usuario administrador de Nessus cargar un archivo especialmente diseñado que podría conllevar a alcanzar privilegios de administrad... • https://www.tenable.com/security/tns-2021-07 •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20100
https://notcve.org/view.php?id=CVE-2021-20100
28 Jun 2021 — Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099. Se ha detectado que Nessus Agent versiones 8.2.4 y anteriores para Windows contienen múltiples vulnerabilidades de escalada de privilegios local que podrían permitir a un administrador local autenticado ejecutar determinados ejecutables de Wind... • https://www.tenable.com/security/tns-2021-12 •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20099
https://notcve.org/view.php?id=CVE-2021-20099
28 Jun 2021 — Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100. Se ha detectado que Nessus Agent versiones 8.2.4 y anteriores para Windows contienen múltiples vulnerabilidades de escalada de privilegios locales que podrían permitir a un administrador local autenticado ejecutar determinados ejecutables de Wi... • https://www.tenable.com/security/tns-2021-12 •
CVSS: 5.9EPSS: 13%CPEs: 205EXPL: 1CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
25 Mar 2021 — An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS c... • https://github.com/riptl/cve-2021-3449 • CWE-476: NULL Pointer Dereference •
CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-3450 – CA certificate check bypass with X509_V_FLAG_X509_STRICT
https://notcve.org/view.php?id=CVE-2021-3450
25 Mar 2021 — The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectivel... • http://www.openwall.com/lists/oss-security/2021/03/27/1 • CWE-295: Improper Certificate Validation •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20077
https://notcve.org/view.php?id=CVE-2021-20077
19 Mar 2021 — Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. Se encontró que las versiones 7.2.0 a 8.2.2 del Agente Nessus capturan inadvertidamente el token de seguridad del rol IAM en el host local durante la vinculación inicial del Agente Nessus cuando se instala en una instancia de Amazon EC2. Esto ... • https://www.tenable.com/security/tns-2021-04-0 •