220 matches found
[R1] Nessus 8.15.0 Fixes Multiple Vulnerabilities
Nessus versions 8.14.0 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. Additionally, two third-party components (expat, sqlite) were foun...
[R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities
Tenable Log Correlation Engine leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL, jQuery) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good...
[R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities
Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
[R1] Nessus Agent 8.2.4 Fixes Multiple Vulnerabilities
Nessus Agent leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL and sqlite) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenabl...
[R1] Nessus 8.14.0 Fixes One Vulnerability
Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host...
[R1] Tenable.sc 5.18.0 Fixes One Third-party Vulnerability
Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgra...
[R1] Nessus 8.13.2 Fixes Multiple Third-party Vulnerabilities
Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade t...
[R1] Nessus Agent 8.2.3 Fixes Multiple Vulnerabilities
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. Additionally, one third-part...
[R2] Stand-alone Security Patches Available for Tenable.sc versions 5.13.0 to 5.17.0
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization. Additionally, one third-party componen...
[R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerability
Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opt...
[R1] Nessus AMI 8.13.1 Fixes One Vulnerability
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack...
[R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities
Tenable.sc leverages third-party software to help provide underlying functionality. Two separate third-party components (jQuery and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
[R1] Nessus 8.13.1 Fixes Multiple Vulnerabilities
Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundl...
[R1] Nessus Agent 8.2.2 Fixes Multiple Vulnerabilities
Nessus Agent leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the...
[R1] Nessus 8.13.0 Fixes One Third-party Vulnerability
Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade th...
[R1] Nessus Network Monitor 5.12.1 Fixes One Vulnerability
A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentia...
[R1] Nessus 8.12.1 Fixes One Vulnerability
A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying...
[R2] Nessus Agent 8.2.0 Fixes One Vulnerability
A vulnerability in Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to...
[R1] Nessus 8.11.1 Fixes One Vulnerability
Nessus versions 8.11.0 and earlier were found to be maintaining sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to log in to an existing browser session...
[R1] Nessus 8.11.0 Fixes One Vulnerability
Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additiona...
[R1] Nessus Network Monitor 5.11.1 Fixes One Third-party Vulnerability
Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
[R1] Nessus Agent 7.6.3 Fixes Multiple Third-party Vulnerabilities
Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain multiple vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
[R2] Tenable.sc 5.14.0 Fixes Multiple Vulnerabilities
Tenable.sc leverages third-party software to help provide underlying functionality. One third-party component (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the...
[R1] SimpleSAMLPHP Stand-alone Patch Available for Tenable.sc versions 5.9.x to 5.12.x
Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (SimpleSAMLPHP) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
[R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities
Tenable.sc leverages third-party software to help provide underlying functionality. Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line wi...
[R1] Nessus Network Monitor 5.11.0 Fixes Multiple Third-party Vulnerabilities
Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several third-party components (OpenSSL, jQuery and moment.js) were found to contain vulnerabilities, and updated versions have been made available by the providers...
[R1] PHP Stand-alone Patch Available for Tenable.sc versions 5.7.x to 5.11.x
Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (PHP) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to provide a...
[R1] Nessus 8.7.0 Fixes One Vulnerability
Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive...
[R1] Nessus 8.6.0 Fixes One Vulnerability
Nessus versions 8.5.2 and earlier on Windows platforms were found to contain a flaw where certain files could be overwritten arbitrarily. An authenticated, remote attacker could potentially exploit this vulnerability to create a denial of service condition...
[R2] Nessus 8.5.0 Fixes Multiple Vulnerabilities
Nessus versions 8.4.0 and earlier were found to contain multiple XSS vulnerabilities due to improper validation of user-supplied input. For CVE-2019-3961, an unauthenticated, remote attacker could exploit this vulnerability via a specially crafted request to execute arbitrary script code in a...
[R1] Nessus Agent 7.4.0 Fixes One Third-party Vulnerability
Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain a single vulnerability, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted...
[R1] Nessus 8.3.0 Fixes Multiple Third-party Vulnerabilities
Nessus leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL and Moment.js) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
[R1] Nessus 8.2.2 Fixes One Vulnerability
Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser...
[R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities
Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundl...
[R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities
Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundl...
[R2] SecurityCenter 5.8.0 Fixes Multiple Third-Party Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (Apache Xalan and Serializer) were found to contain vulnerabilities, and updated versions have been made available by the providers...
[R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities
Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundl...
[R1] LCE 5.1.1 Fixes Multiple Third-party Vulnerabilities
Log Correlation Engine leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
[R1] SecurityCenter 5.7.1 Fixes Multiple Third-Party Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (PHP and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
[R2] SecurityCenter 5.7.0 Fixes Multiple Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (PHP and jQuery) were found to contain vulnerabilities, and updated versions have been made available by the providers...
[R1] TenableCore Web Application Scanner v20180702 Fixes Third-party Vulnerabilities
The TenableCore Web Application Scanner Image v20180328 was found to contain a command injection flaw in a script included in the bundled DHCP client (dhclient) package. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitra...