[R1] Nessus Version 10.6.2 Fixes Multiple Vulnerabilities

R1 Nessus Version 10.6.2 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 10/31/2023 - 12:35 Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components OpenSSL, zlib were found to contain vulnerabilities, and updated versions have been ma...

[R2] Nessus Version 10.5.5 Fixes Multiple Vulnerabilities

R2 Nessus Version 10.5.5 Fixes Multiple Vulnerabilities Arnie Cabral Thu, 09/21/2023 - 10:55 A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application. - CVE-2023-3251 An arbitrary fil...

[R1] Nessus 8.14.0 Fixes One Vulnerability

Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host...

[R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities

Tenable.sc leverages third-party software to help provide underlying functionality. Three separate third-party components OpenSSL, Apache HTTP Server, SimpleSAMLphp were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line wi...

[R1] Nessus 8.11.1 Fixes One Vulnerability

Nessus versions 8.11.0 and earlier were found to be maintaining sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session...

[R1] Nessus Version 10.5.6 Fixes Multiple Vulnerabilities

R1 Nessus Version 10.5.6 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 10/31/2023 - 11:16 Nessus leverages third-party software to help provide underlying functionality. One of the third-party components OpenSSL was found to contain vulnerabilities, and updated versions have been made availabl...

[R1] Nessus Version 10.3.1 Fixes Multiple Vulnerabilities

R1 Nessus Version 10.3.1 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 10/26/2022 - 15:52 Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components moment.js, expat, datatables, libxml2, zlib were found to contain vulnerabilities, and...

[R1] Nessus Agent Version 10.1.4 Fixes Multiple Vulnerabilities

R1 Nessus Agent Version 10.1.4 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 06/15/2022 - 12:36 Custom audit files bring tremendous power and flexibility when assessing the configuration of your assets. Two separate vulnerabilities that utilize this custom Audit functionality were identified,...

[R1] Tenable Plugin Feed ID #202403142053 Fixes Privilege Escalation Vulnerability

R1 Tenable Plugin Feed ID 202403142053 Fixes Privilege Escalation Vulnerability Arnie Cabral Fri, 03/15/2024 - 13:17 As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with...

[R1] Nessus Agent Version 10.4.3 Fixes Multiple Vulnerabilities

R1 Nessus Agent Version 10.4.3 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 10/31/2023 - 14:09 Nessus Agent leverages third-party software to help provide underlying functionality. Several of the third-party components OpenSSL, zlib were found to contain vulnerabilities, and updated versions...

[R1] Nessus Agent 8.3.1 Fixes Multiple Vulnerabilities

Nessus Agent 8.3.0 and earlier were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host...

[R1] Nessus 8.15.0 Fixes Multiple Vulnerabilities

Nessus versions 8.14.0 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. Additionally, two third-party components expat, sqlite were foun...

[R1] Stand-alone Security Patch Available for Tenable Security Center versions 6.3.0, 6.4.0 and 6.4.5: SC-202412.1

R1 Stand-alone Security Patch Available for Tenable Security Center versions 6.3.0, 6.4.0 and 6.4.5: SC-202412.1 Arnie Cabral Fri, 12/20/2024 - 07:29 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components OpenSSL, PHP were...

[R1] Nessus Network Monitor 5.11.1 Fixes One Third-party Vulnerability

Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components OpenSSL was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...

[R1] Nessus Agent 7.6.3 Fixes Multiple Third-party Vulnerabilities

Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components OpenSSL was found to contain a multiple vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...

[R1] Nessus Agent Version 10.2.1 Fixes Multiple Vulnerabilities

R1 Nessus Agent Version 10.2.1 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 11/02/2022 - 10:30 Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components OpenSSL was found to contain vulnerabilities, and updated versions have been...

[R2] Tenable.sc 5.14.0 Fixes Multiple Vulnerabilities

Tenable.sc leverages third-party software to help provide underlying functionality. One third-party component jQuery was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the...

[R1] Tenable Plugin Feed ID #202212081952 Fixes Arbitrary Code Execution Vulnerability

R1 Tenable Plugin Feed ID 202212081952 Fixes Arbitrary Code Execution Vulnerability Arnie Cabral Fri, 03/10/2023 - 16:28 Audit files that are built into the Tenable products provide capability to adjust the audit evaluation to meet organizational requirements. A vulnerability was reported where...

[R1] Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.1.1, 6.2.0 and 6.2.1: SC-202403.1

R1 Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.1.1, 6.2.0 and 6.2.1: SC-202403.1 Arnie Cabral Mon, 03/25/2024 - 11:58 Security Center leverages third-party software to help provide underlying functionality. One of the third-party components sqlite was found...

[R1] Nessus Version 10.7.3 Fixes Multiple Vulnerabilities

R1 Nessus Version 10.7.3 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 05/15/2024 - 11:01 Two separate vulnerabilities were discovered, reported and fixed: When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce...

[R2] Nessus Version 10.5.0 Fixes Multiple Vulnerabilities

R2 Nessus Version 10.5.0 Fixes Multiple Vulnerabilities Arnie Cabral Thu, 03/02/2023 - 12:42 Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components OpenSSL, spin.js, datatables.net were found to contain vulnerabilities, and updated...

[R1] Nessus Version 8.15.6 Fixes Multiple Vulnerabilities

R1 Nessus Version 8.15.6 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 08/09/2022 - 19:14 Two separate vulnerabilities that utilize the Audit functionality in Nessus were discovered, reported and fixed. 1. CVE-2022-32973 - An authenticated attacker could create an audit file that bypasses...

[R1] Security Center Version 6.3.0 Fixes Multiple Vulnerabilities

R1 Security Center Version 6.3.0 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 02/14/2024 - 10:00 Security Center leverages third-party software to help provide underlying functionality. One of the third-party components sqlite was found to contain vulnerabilities, and updated versions have be...

[R2] Security Center Version 6.2.1 Fixes Multiple Vulnerabilities

R2 Security Center Version 6.2.1 Fixes Multiple Vulnerabilities Arnie Cabral Mon, 11/20/2023 - 10:08 Security Center leverages third-party software to help provide underlying functionality. One of the third-party components Apache was found to contain vulnerabilities, and updated versions have be...

[R1] Nessus Version 10.4.1 Fixes Multiple Vulnerabilities

R1 Nessus Version 10.4.1 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 11/02/2022 - 17:01 Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components OpenSSL, expat were found to contain vulnerabilities, and updated versions have been...

[R1] Nessus 8.13.0 Fixes One Third-party Vulnerability

Nessus leverages third-party software to help provide underlying functionality. One of the third-party components jQuery was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade th...

[R1] Nessus Network Monitor 5.12.1 Fixes One Vulnerability

A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentia...

[R2] Security Center Version 6.4.0 Fixes Multiple Vulnerabilities

R2 Security Center Version 6.4.0 Fixes Multiple Vulnerabilities Arnie Cabral Mon, 06/10/2024 - 01:00 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components Apache, PHP were found to contain vulnerabilities, and updated versio...

[R1] Nessus Agent Version 10.6.4 Fixes Multiple Vulnerabilities

R1 Nessus Agent Version 10.6.4 Fixes Multiple Vulnerabilities Arnie Cabral Thu, 05/16/2024 - 10:37 Two separate vulnerabilities were discovered, reported and fixed: When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4...

[R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities

R1 Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities Arnie Cabral Tue, 02/08/2022 - 16:19 Nessus leverages third-party software to help provide underlying functionality. One of the third-party components Expat was found to contain vulnerabilities, and an updated version h...

[R1] Nessus Agent Version 8.3.4 Fixes Multiple Vulnerabilities

R1 Nessus Agent Version 8.3.4 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 08/24/2022 - 12:18 Custom audit files bring tremendous power and flexibility when assessing the configuration of your assets. Two separate vulnerabilities that utilize this custom Audit functionality were identified,...

[R1] Nessus Network Monitor 6.5.0 Fixes Multiple Vulnerabilities

R1 Nessus Network Monitor 6.5.0 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 09/24/2024 - 11:43 Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of the third-party components OpenSSL, expat, curl, and libxml2 were found to contain...

[R1] Tenable Identity Exposure Secure Relay Version 3.59.4 Fixes Multiple Vulnerabilities

R1 Tenable Identity Exposure Secure Relay Version 3.59.4 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 02/21/2024 - 10:51 Tenable Identity Exposure Secure Relay leverages third-party software to help provide underlying functionality. One of the third-party components Envoy was found to contain...

[R1] Security Center Version 6.2.0 Fixes Multiple Vulnerabilities

R1 Security Center Version 6.2.0 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 10/10/2023 - 16:56 Security Center leverages third-party software to help provide underlying functionality. One of the third-party components OpenSSL was found to contain vulnerabilities, and updated versions have...

[R2] Nessus Version 10.4.3 Fixes Multiple Vulnerabilities

R2 Nessus Version 10.4.3 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 03/07/2023 - 11:30 Nessus leverages third-party software to help provide underlying functionality. One of the third-party components OpenSSL was found to contain vulnerabilities, and updated versions have been made availabl...

[R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities

Tenable Log Correlation Engine leverages third-party software to help provide underlying functionality. Two separate third-party components OpenSSL, jQuery were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good...

[R2] Tenable Identity Exposure Version 3.59.4 Fixes Multiple Vulnerabilities

R2 Tenable Identity Exposure Version 3.59.4 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 02/21/2024 - 13:26 Tenable Identity Exposure leverages third-party software to help provide underlying functionality. One of the third-party components ASP.NET Core was found to contain vulnerabilities, a...

[R1] Stand-alone Security Patch Available for Security Center versions 6.0.0, 6.1.0 and 6.1.1: SC-202307.1-6.x

R1 Stand-alone Security Patch Available for Security Center versions 6.0.0, 6.1.0 and 6.1.1: SC-202307.1-6.x Arnie Cabral Tue, 07/25/2023 - 11:30 Tenable Security Center leverages third-party software to help provide underlying functionality. One of the third-party components OpenSSL was found to...

[R1] LCE 5.1.1 Fixes Multiple Third-party Vulnerabilities

Log Correlation Engine leverages third-party software to help provide underlying functionality. One third-party component OpenSSL was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...

[R2] Tenable.sc Version 6.1.0 Fixes Multiple Vulnerabilities

R2 Tenable.sc Version 6.1.0 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 03/22/2023 - 11:21 Tenable.sc leverages third-party software to help provide underlying functionality. Several of the third-party components in use Apache, PHP were found to contain vulnerabilities, and updated versions...

[R2] Nessus Agent Version 10.3.2 Fixes Multiple Vulnerabilities

R2 Nessus Agent Version 10.3.2 Fixes Multiple Vulnerabilities Arnie Cabral Thu, 03/09/2023 - 14:18 Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components OpenSSL was found to contain vulnerabilities, and updated versions have been...

[R1] Tenable.sc 5.22.0 Fixes One Third-Party Vulnerability

R1 Tenable.sc 5.22.0 Fixes One Third-Party Vulnerability Arnie Cabral Wed, 07/27/2022 - 18:26 Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components moment.js was found to contain vulnerabilities, and updated versions have been made...

[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202110.1

Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components Apache was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable opted to upgra...

[R1] Nessus Agent Version 10.4.4 Fixes One Vulnerability

R1 Nessus Agent Version 10.4.4 Fixes One Vulnerability Arnie Cabral Thu, 11/16/2023 - 10:53 An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host,...

[R1] Nessus Version 10.6.3 Fixes One Vulnerability

R1 Nessus Version 10.6.3 Fixes One Vulnerability Arnie Cabral Thu, 11/16/2023 - 10:23 An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the...

[R1] Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.0.0, 6.1.0, 6.1.1, and 6.2.0: SC-202310.1

R1 Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.0.0, 6.1.0, 6.1.1, and 6.2.0: SC-202310.1 Jason Schavel Tue, 10/31/2023 - 11:08 Security Center leverages third-party software to help provide underlying functionality. One of the third-party components curl wa...

[R1] Sensor Proxy Version 1.0.8 Fixes Multiple Vulnerabilities

R1 Sensor Proxy Version 1.0.8 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 08/15/2023 - 15:13 Sensor Proxy leverages third-party software to help provide underlying functionality. One of the third-party components OpenSSL was found to contain vulnerabilities, and updated versions have been ma...

[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.22.0, 5.23.1, and 6.0.0: SC-202304.1

R1 Stand-alone Security Patch Available for Tenable.sc versions 5.22.0, 5.23.1, and 6.0.0: SC-202304.1 Arnie Cabral Mon, 04/24/2023 - 11:47 Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components PHP was found to contain vulnerabilitie...

[R2] Nessus Version 8.15.9 Fixes Multiple Vulnerabilities

R2 Nessus Version 8.15.9 Fixes Multiple Vulnerabilities Arnie Cabral Mon, 03/06/2023 - 18:07 Nessus leverages third-party software to help provide underlying functionality. One of the third-party components OpenSSL was found to contain vulnerabilities, and updated versions have been made availabl...

[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.19.0 to 5.21.0: Patch SC-202209.1

R1 Stand-alone Security Patch Available for Tenable.sc versions 5.19.0 to 5.21.0: Patch SC-202209.1 Arnie Cabral Wed, 09/07/2022 - 10:46 Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components moment.js was found to contain...