[R1] Nessus Agent Version 8.3.4 Fixes Multiple Vulnerabilities
Arnie Cabral
Wed, 08/24/2022 – 12:18
1. CVE-2022-32973 – An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
2. CVE-2022-32974 – An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
Additional details on the custom audit signing functionality can be found here: https://community.tenable.com/s/article/Audit-Signing-Overview
More Stories
DSA-5688-1 atril – security update
It was discovered that missing input sanitising in the Atril document viewer could result in writing arbitrary files in the...
chromium-124.0.6367.201-1.el9
FEDORA-EPEL-2024-6f1c3198f5 Packages in this update: chromium-124.0.6367.201-1.el9 Update description: update to 124.0.6367.201 * High CVE-2024-4671: Use after free in Visuals update...