Nessus Security Vulnerabilities and Issues — Nessus CVE List

Lucene search

TenableNessus

11 matches found

CVE•added 2019/02/27 11:29 p.m.•780 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...

5.9CVSS6.3AI score0.04426EPSS

CVE•added 2021/03/25 3:15 p.m.•749 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.15517EPSS

CVE•added 2018/05/18 10:29 p.m.•67 views

CVE-2018-1147

In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, X...

5.4CVSS5.6AI score0.00363EPSS

CVE•added 2017/05/12 6:29 p.m.•52 views

CVE-2017-2122

Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5AI score0.00129EPSS

CVE•added 2017/04/19 2:59 p.m.•49 views

CVE-2017-7849

Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.

5.5CVSS6AI score0.00032EPSS

CVE•added 2019/02/12 4:29 a.m.•49 views

CVE-2019-3923

Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser s...

5.4CVSS5.7AI score0.00187EPSS

CVE•added 2017/01/31 10:59 p.m.•43 views

CVE-2016-9260

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.

5.4CVSS5.2AI score0.00247EPSS

CVE•added 2014/07/23 2:55 p.m.•41 views

CVE-2014-4980

The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.

5CVSS6.2AI score0.00475EPSS

CVE•added 2017/01/05 10:59 p.m.•41 views

CVE-2017-5179

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5AI score0.00235EPSS

CVE•added 2020/07/15 1:15 p.m.•40 views

CVE-2020-5765

Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional ...

5.4CVSS5.7AI score0.0038EPSS

CVE•added 2017/02/28 6:59 p.m.•39 views

CVE-2016-9259

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5AI score0.00236EPSS