10 matches found

CVE
added 2017/01/23 9:59 p.m. | 191 views

CVE-2016-4055

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

CVSS 7.8 | AI score 6.5 | EPSS 0.03501

CVE
added 2017/05/12 6:29 p.m. | 52 views

CVE-2017-2122

Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 5.4 | AI score 5 | EPSS 0.00129

CVE
added 2017/08/09 12:29 p.m. | 49 views

CVE-2017-11506

When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.

CVSS 7.4 | AI score 7.2 | EPSS 0.00104

CVE
added 2017/04/19 2:59 p.m. | 49 views

CVE-2017-7849

Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.

CVSS 5.5 | AI score 6 | EPSS 0.00032

CVE
added 2017/03/08 11:59 p.m. | 45 views

CVE-2017-6543

Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the sy...

CVSS 7.3 | AI score 7 | EPSS 0.00268

CVE
added 2017/01/31 10:59 p.m. | 43 views

CVE-2016-9260

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.

CVSS 5.4 | AI score 5.2 | EPSS 0.00247

CVE
added 2017/01/05 10:59 p.m. | 41 views

CVE-2017-5179

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 5.4 | AI score 5 | EPSS 0.00235

CVE
added 2017/03/23 4:59 p.m. | 41 views

CVE-2017-7199

Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.

CVSS 7.8 | AI score 7.5 | EPSS 0.00082

CVE
added 2017/04/19 2:59 p.m. | 41 views

CVE-2017-7850

Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.

CVSS 7.8 | AI score 7.6 | EPSS 0.00028

CVE
added 2017/02/28 6:59 p.m. | 39 views

CVE-2016-9259

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 5.4 | AI score 5 | EPSS 0.00236