Lucene search
K
TenableNessus

67 matches found

CVE
CVE
added 2022/03/15 5:5 p.m.1352 views

CVE-2022-0778

CVE-2022-0778 describes an infinite loop in BN_mod_sqrt() when parsing certain ASN.1 elliptic-curve parameters, enabling DoS during certificate or key processing. Affected OpenSSL versions include 1.0.2, 1.1.1, and 3.0 (specific ranges: 1.0.2 (1.0.2–1.0.2zc), 1.1.1 (1.1.1–1.1.1m), 3.0 (3.0.0–3.0....

7.5CVSS7.8AI score0.70561EPSS
In wild
CVE
CVE
added 2019/02/27 11:0 p.m.925 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

5.9CVSS6.3AI score0.17139EPSS
CVE
CVE
added 2021/03/25 2:25 p.m.813 views

CVE-2021-3449

CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...

5.9CVSS6.7AI score0.62906EPSS
CVE
CVE
added 2018/11/15 9:0 p.m.672 views

CVE-2018-5407

CVE-2018-5407 is a PortSmash timing-side channel vulnerability in SMT/Hyper-Threading affecting OpenSSL. Local attackers could exploit a timing leakage during cryptographic operations to gain information. Documented in multiple advisories (e.g., ALAS/ALAS2 for OpenSSL) with remediation stating to...

4.7CVSS5.6AI score0.03418EPSS
CVE
CVE
added 2021/03/25 2:25 p.m.564 views

CVE-2021-3450

CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...

7.4CVSS7.6AI score0.18339EPSS
CVE
CVE
added 2019/06/24 4:6 p.m.519 views

CVE-2018-20843

The CVE-2018-20843 issue affects libexpat (Expat) prior to 2.2.7, where XML inputs with many colons can cause high RAM/CPU usage and enable DoS. Related CVE-2019-15903 describes a heap-based buffer over-read when crafted XML triggers early parsing state switches. Public advisories confirm that an...

7.8CVSS7.5AI score0.07107EPSS
CVE
CVE
added 2022/01/24 1:6 a.m.484 views

CVE-2022-23852

Expat (libexpat) contains a signed integer overflow in XML_GetBuffer when XML_CONTEXT_BYTES is nonzero (CVE-2022-23852). IV was observed in multiple advisories and bulletins; the issue can lead to arbitrary code execution or crash if exploited. A fix exists in expat 2.4.4 and later; affected dist...

9.8CVSS9.6AI score0.04525EPSS
CVE
CVE
added 2022/01/26 6:2 p.m.445 views

CVE-2022-23990

CVE-2022-23990 affects Expat (libexpat) before 2.4.4. The issue is an integer overflow in doProlog, leading to denial of service and potential exploitation. Advisories from AlmaLinux and Amazon Linux indicate remediation via upgrading expat to a fixed version (e.g., Expats newer than 2.4.4; ALAS ...

7.5CVSS8.7AI score0.03992EPSS
CVE
CVE
added 2022/01/08 2:57 a.m.413 views

CVE-2022-22822

CVE-2022-22822 affects Expat (libexpat) prior to 2.4.3, where addBinding in xmlparse.c can overflow an integer and enable remote code execution or other impact as described in published advisories. The vulnerability is tied to an integer overflow in xmlparse.c (addBinding), with CVSS-derived seve...

9.8CVSS9.5AI score0.04829EPSS
CVE
CVE
added 2022/01/01 6:47 p.m.350 views

CVE-2021-45960

CVE-2021-45960 (Expat/libexpat) is corroborated by connected advisories describing a left shift (29 or more) in storeAtts() of xmlparse.c that can trigger realloc misbehavior, potentially leading to allocation errors or memory mismanagement in Expat before 2.4.3. The CVE is repeatedly listed acro...

9CVSS9.1AI score0.042EPSS
CVE
CVE
added 2022/01/08 2:57 a.m.332 views

CVE-2022-22823

CVE-2022-22823 affects Expat (libexpat) with an integer overflow in build_model() in xmlparse.c, vulnerable prior to 2.4.3. The CVE is corroborated by multiple sources (e.g., ALAS2-2022-1809, ALSA-2022-7692) and Cloud Foundry USN references, all indicating Expat pre-2.4.3 contains the overflow is...

9.8CVSS9.5AI score0.03376EPSS
CVE
CVE
added 2022/01/08 2:56 a.m.329 views

CVE-2022-22824

CVE-2022-22824 affects Expat (libexpat) with an integer overflow in defineAttribute() within xmlparse.c for versions before 2.4.3. The issue is confirmed by connected documents listing multiple Expat CVEs (e.g., CVE-2021-46143, CVE-2022-22822–22827) and advisories referencing 2.4.3 as the fix ver...

9.8CVSS9.5AI score0.03376EPSS
CVE
CVE
added 2022/01/08 2:56 a.m.295 views

CVE-2022-22827

CVE-2022-22827 affects Expat (libexpat) stored in xmlparse.c: storeAtts has an integer overflow in versions before 2.4.3. The vulnerability can be triggered by processing crafted XML content and, as described in the advisories, may lead to crashes or arbitrary code execution in some contexts. Aff...

8.8CVSS9.2AI score0.02778EPSS
CVE
CVE
added 2022/01/08 2:56 a.m.293 views

CVE-2022-22825

CVE-2022-22825 refers to an integer overflow in Expat (libexpat) within xmlparse.c (lookup function) present in versions before 2.4.3. The vulnerability is a code execution/impact class due to heap memory mismanagement from the overflow, with CVSS v3.1 base score 8.8 (high) and network/remote exp...

8.8CVSS9.2AI score0.02614EPSS
CVE
CVE
added 2022/01/06 3:48 a.m.290 views

CVE-2021-46143

CVE-2021-46143 affects libexpat (Expat) in doProlog (xmlparse.c) with an integer overflow on m_groupSize prior to 2.4.3. The linked advisories and databases confirm related Expat overflow issues (and other overflow variants such as addBinding, build_model, defineAttribute, lookup, nextScaffoldPar...

8.1CVSS8.9AI score0.03759EPSS
CVE
CVE
added 2022/01/08 2:56 a.m.285 views

CVE-2022-22826

CVE-2022-22826 is an integer overflow in the Expat (libexpat) XML parser, specifically in nextScaffoldPart of xmlparse.c, affecting versions before 2.4.3. The initial CVE description confirms the overflow, and connected advisories/patch notes (e.g., AlmaLinux ALAS-2022-1603/7692, CESA-2022:1069) ...

8.8CVSS9.2AI score0.02778EPSS
CVE
CVE
added 2018/03/04 9:0 p.m.257 views

CVE-2017-18214

CVE-2017-18214 affects the Moment.js Node.js module prior to 2.19.3, enabling a regular-expression denial-of-service (ReDoS) via a crafted date string. The issue is described as a separate vulnerability from CVE-2016-4055, with practical risk being CPU exhaustion leading to potential denial of se...

7.5CVSS6.5AI score0.03673EPSS
CVE
CVE
added 2017/01/23 9:0 p.m.233 views

CVE-2016-4055

Moment.js (Node.js) is affected by CVE-2016-4055 due to a vulnerability in its regular expression handling that can enable a DoS (high CPU usage) via crafted input. Public details show the issue as a ReDoS against the moment package prior to 2.11.2, with remediation requiring upgrading to a patch...

7.8CVSS6.5AI score0.09905EPSS
CVE
CVE
added 2019/06/25 8:27 p.m.233 views

CVE-2019-3961

CVE-2019-3961 refers to a reflected XSS in Nessus versions 8.4.0 and earlier caused by improper validation of user-supplied input. An unauthenticated, remote attacker could craft a request to cause script execution in a user’s browser session. The vulnerability is documented across multiple sourc...

6.1CVSS6.4AI score0.01482EPSS
CVE
CVE
added 2023/08/29 6:38 p.m.213 views

CVE-2023-3251

CVE-2023-3251 concerns Tenable Nessus prior to version 10.6.0. An authenticated administrator could exploit a pass-back vulnerability to uncover stored SMTP credentials within the Nessus application. The advisory and related references indicate Nessus 10.6.0 fixes these issues (the CVE-2023-3251 ...

4.9CVSS5AI score0.00458EPSS
CVE
CVE
added 2023/08/29 6:55 p.m.200 views

CVE-2023-3252

CVE-2023-3252 affects Tenable Nessus prior to 10.5.5, where an authenticated, remote attacker with administrator privileges could modify logging variables to write arbitrary files on the remote host, causing a denial of service. The vulnerability is addressed in Nessus 10.5.5 (per TNS-2023-31). R...

6.8CVSS6.4AI score0.00598EPSS
CVE
CVE
added 2023/08/29 7:8 p.m.170 views

CVE-2023-3253

CVE-2023-3253 describes an improper authorization vulnerability in Tenable Nessus where an authenticated, low-privileged remote attacker could view a list of all users in the application. Affected product: Nessus (pre-10.6.0 releases). The issue is confirmed in multiple feeds (Red Hat, NVD, CVE l...

4.3CVSS4.8AI score0.00391EPSS
CVE
CVE
added 2023/11/01 3:30 p.m.156 views

CVE-2023-5847

CVE-2023-5847 is evidenced in connected docs as a local privilege escalation affecting Tenable Nessus/Nessus Agent. The flaw enables a low-privileged attacker to load a crafted file during installation or upgrade, potentially escalating to SYSTEM/root by exploiting OpenSSL configuration handling ...

7.3CVSS7.1AI score0.00223EPSS
CVE
CVE
added 2019/08/15 6:58 p.m.124 views

CVE-2019-3974

CVE-2019-3974 affects Tenable Nessus on Windows (versions 8.5.2 and earlier). The issue allows arbitrary overwriting of certain system files, potentially causing a denial-of-service condition. Root cause: file overwrite flaw in Nessus’ Windows file handling. Affected product/version per sources: ...

8.5CVSS7.9AI score0.01818EPSS
CVE
CVE
added 2023/01/20 12:0 a.m.124 views

CVE-2023-0101

CVE-2023-0101 affects Tenable Nessus, with privilege escalation on Nessus hosts. Affected are Nessus versions 8.10.1–8.15.8 and 10.0.0–10.4.1. The vulnerability allows an authenticated attacker to execute a specially crafted file to obtain root or NT AUTHORITY/SYSTEM privileges. The CVSS vector i...

8.8CVSS8.6AI score0.0082EPSS
CVE
CVE
added 2019/07/01 7:39 p.m.111 views

CVE-2019-3962

CVE-2019-3962 affects Tenable Nessus pre-8.5.0. An authenticated, local attacker can induce a targeted user to view a malicious URL and trigger Nessus to send fraudulent messages, allowing arbitrary text to be injected into the feed status, persisting after session expiration. Mitigation: upgrade...

4.3CVSS4.5AI score0.00954EPSS
CVE
CVE
added 2022/06/21 2:23 p.m.111 views

CVE-2022-32973

CVE-2022-32973 affects Nessus Agent prior to 8.3.4 or 10.x prior to 10.1.4. An authenticated attacker could create a custom audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. This is documented in Nessus/TNS advisories (e.g., TNS-2022-17) and li...

9CVSS8.5AI score0.01247EPSS
CVE
CVE
added 2019/10/23 6:55 p.m.106 views

CVE-2019-3982

CVE-2019-3982 affects Tenable Nessus versions 8.6.0 and earlier. The issue is a denial-of-service caused by improper validation of specific imported scan types in the Nessus scanner, which can be exploited remotely by an authenticated attacker to render the scanner temporarily unresponsive. The c...

6.5CVSS6.4AI score0.01782EPSS
CVE
CVE
added 2018/05/18 10:0 p.m.91 views

CVE-2018-1148

Nessus before 7.1.0 is vulnerable to a session fixation flaw caused by insufficient session management. An authenticated attacker could hijack a user session after a password change by leveraging an existing session ID. The connected sources confirm the affected product (Tenable Nessus), the vuln...

6.5CVSS6.3AI score0.00769EPSS
CVE
CVE
added 2022/10/31 12:0 a.m.90 views

CVE-2022-3499

CVE-2022-3499 affects Tenable Nessus 10.x prior to 10.4.0. An authenticated attacker could use identical agent and cluster node linking keys to cause unauthorized disclosure of agent logs and data. Tenable Nessus 10.4.0 fixes this issue (and CVE-2022-3498); remediation includes upgrading to 10.4....

6.5CVSS6.2AI score0.00775EPSS
CVE
CVE
added 2021/06/28 10:29 a.m.89 views

CVE-2021-20099

CVE-2021-20099 affects Nessus Agent for Windows, prior to 8.2.5? (8.2.4 and earlier as described) and constitutes a local privilege escalation where an authenticated local administrator could cause specific Windows executables to run as the Nessus host. The connected sources (Red Hat, ENISA/CVE r...

6.7CVSS7AI score0.00317EPSS
CVE
CVE
added 2018/05/18 10:0 p.m.84 views

CVE-2018-1147

The CVE-2018-1147 issue affects Nessus prior to 7.1.0, where improper input validation enables stored cross-site scripting (XSS). A remote authenticated attacker could craft and upload a .nessus file (or alter Advanced Settings) so that an administrator viewing it can trigger arbitrary script exe...

5.4CVSS5.6AI score0.01148EPSS
CVE
CVE
added 2021/06/29 6:16 p.m.79 views

CVE-2021-20079

The CVE-2021-20079 entry affects Tenable Nessus versions prior to 8.14.0 (notably 8.13.2 and earlier). The vulnerability is a privilege-escalation flaw where an authenticated Nessus administrator can upload a specially crafted file to gain administrator privileges on the Nessus host. Root cause d...

7.2CVSS6.7AI score0.00447EPSS
CVE
CVE
added 2022/10/24 9:12 p.m.79 views

CVE-2022-33757

The CVE-2022-33757 entry describes an information disclosure in Nessus where an authenticated attacker can read Nessus Debug Log file attachments via the web UI without proper privileges. Public-connected sources corroborate that this affects Nessus and its web interface, enabling disclosure of s...

6.5CVSS6.7AI score0.00783EPSS
CVE
CVE
added 2023/11/20 8:35 p.m.76 views

CVE-2023-6178

Summary: CVE-2023-6178 is an arbitrary file write vulnerability affecting Tenable Nessus Agent upstream/remote agent when self-reported as pre-10.4.4. An authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remot...

6.8CVSS6.4AI score0.00826EPSS
CVE
CVE
added 2019/02/12 4:0 a.m.71 views

CVE-2019-3923

Nessus (Tenable Nessus) versions 8.2.1 and earlier are affected by a stored XSS vulnerability caused by improper validation of user-supplied input. An authenticated, remote attacker could exploit this via a specially crafted request to execute arbitrary script code in a user’s browser session. Te...

5.4CVSS5.7AI score0.00879EPSS
CVE
CVE
added 2023/03/15 12:0 a.m.71 views

CVE-2022-4313

Summary: CVE-2022-4313 relates to Tenable products where an authenticated user with Scan Policy Configuration roles could modify audit policy variables to run arbitrary commands on credentialed scan targets, potentially leading to code execution. The vulnerability is discussed across multiple fee...

8.8CVSS8.8AI score0.01236EPSS
CVE
CVE
added 2023/02/01 12:0 a.m.70 views

CVE-2023-0524

CVE-2023-0524 concerns a privilege-escalation issue in Tenable products. The authenticated attacker could modify environment variables and, by abusing an impacted plugin, escalate privileges. Affected products mentioned across sources include Tenable Nessus, Tenable.io, and Tenable.sc. The underl...

8.8CVSS8.9AI score0.00639EPSS
CVE
CVE
added 2020/11/05 7:11 p.m.69 views

CVE-2020-5793

CVE-2020-5793 affects Tenable Nessus (Windows) versions 8.9.0–8.12.0 and Nessus Agent 8.0.0–8.1.0. An authenticated local attacker can copy user-supplied files to a specially crafted path in a named user directory by dropping a malicious file into a system directory. The exploit requires valid Wi...

7.8CVSS7.3AI score0.00392EPSS
CVE
CVE
added 2022/06/21 2:23 p.m.69 views

CVE-2022-32974

CVE-2022-32974 is confirmed in connected documents as affecting Tenable Nessus/ Nessus Agent prior to specific versions. An authenticated attacker could read arbitrary files from the underlying OS via a crafted compliance audit file, without SSH credentials. Exploitation details and affected vers...

6.5CVSS7.1AI score0.00699EPSS
CVE
CVE
added 2017/01/31 10:0 p.m.68 views

CVE-2016-9260

CVE-2016-9260 is a stored cross-site scripting (XSS) vulnerability affecting Tenable Nessus prior to version 6.9. The issue arises in how Nessus handles .nessus files, allowing an authenticated, remote attacker to inject arbitrary script/HTML into a user's browser session. Public documents consis...

5.4CVSS5.2AI score0.01252EPSS
CVE
CVE
added 2021/11/02 11:24 p.m.68 views

CVE-2021-20135

CVE-2021-20135 affects Tenable Nessus up to and including version 8.15.2. The issue is a local privilege escalation that could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has provided a fix in Nessus 10.0.0. Evidence across multiple fe...

6.7CVSS6.6AI score0.00298EPSS
CVE
CVE
added 2023/11/20 8:20 p.m.68 views

CVE-2023-6062

CVE-2023-6062 affects Tenable Nessus. An authenticated, remote attacker with administrator privileges can modify Nessus Rules variables to write arbitrary files on the remote host, causing a denial-of-service condition. Public references (TNS-2023-39/40) describe Nessus versions affected and vend...

6.8CVSS6.5AI score0.01034EPSS
CVE
CVE
added 2025/07/01 11:11 p.m.68 views

CVE-2025-36630

CVE-2025-36630 affects Tenable Nessus on Windows, prior to version 10.8.5. A non‑administrative user could overwrite arbitrary local system files with log content, achieving SYSTEM privilege. Root cause details are not explicitly provided in the documents; exploitation status is not detailed. The...

8.4CVSS6.4AI score0.00175EPSS
CVE
CVE
added 2021/06/28 10:29 a.m.67 views

CVE-2021-20100

CVE-2021-20100 affects Nessus Agent for Windows (8.2.4 and earlier). The issue comprises multiple local privilege escalation vulnerabilities that could let an authenticated, local administrator run specific Windows executables as the Nessus host. This is distinct from CVE-2021-20099. The connecte...

6.7CVSS7AI score0.00348EPSS
CVE
CVE
added 2024/02/06 11:38 p.m.67 views

CVE-2024-0971

CVE-2024-0971 is a SQL injection vulnerability in Tenable Nessus. The linked documents confirm that an authenticated, low-privileged remote attacker could potentially alter contents of the scan DB. Exploitation details are not provided beyond this CVE entry. A remediation path is indicated by Ten...

6.5CVSS6.8AI score0.00779EPSS
CVE
CVE
added 2017/08/09 12:0 p.m.66 views

CVE-2017-11506

Affected software and scenario: Nessus Agent and Nessus Scanner prior to version 6.11 (6.x) when linking to Tenable.io or other manager. Root cause: during the initial outgoing connection, the manager’s TLS certificate is not verified, creating a potential MITM condition. Impact: could allow an a...

7.4CVSS7.2AI score0.00571EPSS
CVE
CVE
added 2017/05/12 6:0 p.m.66 views

CVE-2017-2122

CVE-2017-2122 is a stored cross-site scripting vulnerability in Nessus, affecting Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2. It allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors, potentially executing arbitrary JavaScript in the logged...

5.4CVSS5AI score0.00775EPSS
CVE
CVE
added 2018/03/20 6:0 p.m.66 views

CVE-2018-1141

The CVE refers to Tenable Nessus local privilege escalation when Nessus is installed outside the default directory. Affected: Nessus installations prior to version 7.0.3. Issue: installed sub-directories did not have secure permissions, enabling privilege escalation if directory permissions were ...

7CVSS6.9AI score0.00246EPSS
CVE
CVE
added 2017/04/19 2:0 p.m.62 views

CVE-2017-7849

CVE-2017-7849 affects Nessus Agent 6.10.x prior to 6.10.5. The vulnerability arises from insecure permissions in agent mode, allowing an authenticated, remote attacker to trigger a DoS by causing the agent to fail to conduct scans. The issue is documented alongside a related CVE-2017-7850 local p...

5.5CVSS6AI score0.0025EPSS
Total number of security vulnerabilities67