CVSS: 5.9EPSS: 0%CPEs: 205EXPL: 0CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. • http://www.openwall.com/lists/oss-security/2021/03/27/1 http://www.openwall.com/lists/oss-security/2021/03/27/2 http://www.openwall.com/lists/oss-security/2021/03/28/3 http://www.openwall.com/lists/oss-security/2021/03/28/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148 https://kb.pulse • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-5793
https://notcve.org/view.php?id=CVE-2020-5793
A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability. Una vulnerabilidad en Nessus versiones 8.9.0 a 8.12.0, para Windows y Nessus Agent versiones 8.0.0 y 8.1.0 para Windows, podría permitir a un atacante local autenticado copiar archivos suministrados por el usuario en una ruta especialmente construida en un directorio de usuario con nombre específico. Un atacante podría explotar esta vulnerabilidad mediante la creación de un archivo malicioso y copiar el archivo en un directorio del sistema. • https://www.tenable.com/security/tns-2020-07 https://www.tenable.com/security/tns-2020-08 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5774
https://notcve.org/view.php?id=CVE-2020-5774
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session. Se detectó que Nessus versiones 8.11.0 y anteriores, mantenía sesiones más largas que el período permitido en determinados escenarios. La falta de una expiración apropiada de la sesión podría permitir a atacantes con acceso local iniciar sesión en una sesión de navegador existente. • https://www.tenable.com/security/tns-2020-06 • CWE-613: Insufficient Session Expiration •
CVSS: 7.8EPSS: 58%CPEs: 19EXPL: 1CVE-2018-20843 – expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
https://notcve.org/view.php?id=CVE-2018-20843
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). En libexpat en Expat anterior a versión 2.2.7, una entrada XML incluyendo nombres XML que contienen una gran cantidad de "dos puntos", podría hacer que el analizador XML consuma una gran cantidad de recursos de RAM y CPU durante el procesamiento (lo suficiente como para ser utilizables en ataques de denegación de servicio) . It was discovered that the "setElementTypePrefix()" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226 https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes https://github.com/libexpat/libexpat/issues/186 https://github.com/libexpat/libexpat/pull/262 https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html https://lists.fedoraproject.org/archives/ • CWE-400: Uncontrolled Resource Consumption CWE-611: Improper Restriction of XML External Entity Reference •