English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.118417
Category:General
Title:Tenable Nessus < 10.3.2 Multiple Vulnerabilities (TNS-2022-23)
Summary:Tenable Nessus is prone to multiple vulnerabilities.
Description:Summary:
Tenable Nessus is prone to multiple vulnerabilities.

Vulnerability Insight:
Tenable Nessus leverages third-party software to help provide
underlying functionality. Several of the third-party components (OpenSSL, expat) were found to
contain vulnerabilities, and updated versions have been made available by the providers.

Nessus 10.3.2 updates expat to version 2.5.0 and OpenSSL to 3.0.7 to address the identified
vulnerabilities.

Affected Software/OS:
Tenable Nessus prior to version 10.3.2.

Solution:
Update to version 10.3.2 or later.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2022-43680
Debian Security Information: DSA-5266 (Google Search)
https://www.debian.org/security/2022/dsa-5266
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/
https://security.gentoo.org/glsa/202210-38
https://github.com/libexpat/libexpat/issues/649
https://github.com/libexpat/libexpat/pull/616
https://github.com/libexpat/libexpat/pull/650
https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html
http://www.openwall.com/lists/oss-security/2023/12/28/5
http://www.openwall.com/lists/oss-security/2024/01/03/5
Common Vulnerability Exposure (CVE) ID: CVE-2022-3602
20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a
FEDORA-2022-0f1d2e0537
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/
FEDORA-2022-502f096dce
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/
GLSA-202211-01
https://security.gentoo.org/glsa/202211-01
VU#794340
https://www.kb.cert.org/vuls/id/794340
[oss-security] 20221101 OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
http://www.openwall.com/lists/oss-security/2022/11/01/15
[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
http://www.openwall.com/lists/oss-security/2022/11/01/16
http://www.openwall.com/lists/oss-security/2022/11/01/18
http://www.openwall.com/lists/oss-security/2022/11/01/19
http://www.openwall.com/lists/oss-security/2022/11/01/20
http://www.openwall.com/lists/oss-security/2022/11/01/21
http://www.openwall.com/lists/oss-security/2022/11/01/24
http://www.openwall.com/lists/oss-security/2022/11/02/1
http://www.openwall.com/lists/oss-security/2022/11/02/2
http://www.openwall.com/lists/oss-security/2022/11/02/3
[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022
http://www.openwall.com/lists/oss-security/2022/11/02/10
[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
http://www.openwall.com/lists/oss-security/2022/11/01/17
http://www.openwall.com/lists/oss-security/2022/11/02/11
http://www.openwall.com/lists/oss-security/2022/11/02/13
http://www.openwall.com/lists/oss-security/2022/11/02/15
http://www.openwall.com/lists/oss-security/2022/11/02/5
http://www.openwall.com/lists/oss-security/2022/11/02/6
http://www.openwall.com/lists/oss-security/2022/11/02/7
http://www.openwall.com/lists/oss-security/2022/11/03/1
http://www.openwall.com/lists/oss-security/2022/11/03/2
[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
http://www.openwall.com/lists/oss-security/2022/11/02/12
http://www.openwall.com/lists/oss-security/2022/11/02/14
http://www.openwall.com/lists/oss-security/2022/11/02/9
[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
http://www.openwall.com/lists/oss-security/2022/11/03/10
http://www.openwall.com/lists/oss-security/2022/11/03/11
http://www.openwall.com/lists/oss-security/2022/11/03/5
[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
http://www.openwall.com/lists/oss-security/2022/11/03/3
http://www.openwall.com/lists/oss-security/2022/11/03/6
http://www.openwall.com/lists/oss-security/2022/11/03/7
http://www.openwall.com/lists/oss-security/2022/11/03/9
http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
https://security.netapp.com/advisory/ntap-20221102-0001/
https://www.openssl.org/news/secadv/20221101.txt
Common Vulnerability Exposure (CVE) ID: CVE-2022-3786
3.0.7 git commit
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a
OpenSSL Advisory
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.