Openvas

openvas

7 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Openvas Manager

openvas_manager

Openvas Administrator

openvas_administrator

Openvas Scanner

openvas-scanner

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-1597 1Openvas 1Openvas Manager Nov 21, 2024 Feb 6, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 OpenVAS Manager v2.0.3 allows plugin remote code execution.
CVE-2011-3351 1Openvas 1Openvas Scanner Nov 21, 2024 Nov 25, 2019 N/A· v4 7.1 HIGH· v3 6.6 MEDIUM· v2 openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink...Show more openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system.Show less
CVE-2014-9220 3Fedoraproject OpensuseOpenvas 3Fedora OpensuseOpenvas Manager May 6, 2026 Dec 3, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
CVE-2013-6766 1Openvas 1Openvas Administrator May 6, 2026 May 19, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes t...Show more OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC.Show less
CVE-2013-6765 1Openvas 1Openvas Manager May 6, 2026 May 19, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the sta...Show more OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.Show less
CVE-2012-5520 1Openvas 1Openvas Manager Apr 29, 2026 Nov 26, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request.
CVE-2011-0018 1Openvas 1Openvas Manager Apr 29, 2026 Jan 28, 2011 N/A· v4 N/A· v3 9.0 HIGH· v2 The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP reque...Show more The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).Show less