- Home
- CVEs with nessus.description==According to its self-reported version, the Tenable Nessus application
running on the remote host is prior to 7.1.4. It is, therefore,
affected by multiple vulnerabilities:
- Tenable Nessus contains a flaw in the bundled third-party
component OpenSSL library's key handling during a TLS
handshake that causes a denial of service vulnerability
due to key handling during a TLS handshake.
(CVE-2018-0732)
- Tenable Nessus contains a flaw in the bundled third-party
component OpenSSL library's DSA signature algorithm that
renders it vulnerable to a timing side channel attack.
An attacker could leverage this vulnerability to recover
the private key. (CVE-2018-0734)
- Tenable Nessus contains a flaw in the bundled third-party
component OpenSSL library's RSA Key generation algorithm
that allows a cache timing side channel attack to recover
the private key. (CVE-2018-0737)
- Tenable Nessus contains a flaw in the bundled third-party
component OpenSSL library's Simultaneous Multithreading
(SMT) architectures which render it vulnerable to
side-channel leakage. This issue is known as 'PortSmash'.
An attacker could possibly use this issue to perform a
timing side-channel attack and recover private keys.
(CVE-2018-5407)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top