汇总 openvas 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 输入验证问题、SQL 注入与路径处理缺陷 相关,可能在 生产负载与软件部署 场景中带来 文件覆盖与数据泄露 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2011-1597 | OpenVAS Manager v2.0.3 allows plugin remote code execution. | [email protected] | 8.8 | 1.77% | 2020-02-05 | 2026-06-16 |
| CVE-2011-3351 | openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system. | [email protected] | 7.1 | 0.40% | 2019-11-25 | 2026-06-16 |
| CVE-2014-9220 | SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. | [email protected] | 7.5 | 2.07% | 2014-12-02 | 2026-06-16 |
| CVE-2013-6766 | OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC. | [email protected] | 7.5 | 1.63% | 2014-05-19 | 2026-06-16 |
| CVE-2013-6765 | OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c. | [email protected] | 7.5 | 7.27% | 2014-05-19 | 2026-06-16 |
| CVE-2012-5520 | The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request. | [email protected] | 7.5 | 3.05% | 2012-11-26 | 2026-06-16 |
| CVE-2011-0018 | The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA). | [email protected] | 9.0 | 9.27% | 2011-01-28 | 2026-06-16 |