Nessus Security Vulnerabilities and Issues — Nessus CVE List

Lucene search

TenableNessus

9 matches found

CVE•added 2019/02/27 11:29 p.m.•780 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...

5.9CVSS6.3AI score0.04426EPSS

CVE•added 2019/06/24 5:15 p.m.•462 views

CVE-2018-20843

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

7.8CVSS7.5AI score0.05817EPSS

CVE•added 2019/06/25 9:15 p.m.•214 views

CVE-2019-3961

Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a users brows...

6.1CVSS6.4AI score0.00422EPSS

CVE•added 2019/08/15 7:15 p.m.•104 views

CVE-2019-3974

Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.

8.5CVSS7.9AI score0.00541EPSS

CVE•added 2019/07/01 8:15 p.m.•95 views

CVE-2019-3962

Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authentica...

4.3CVSS4.5AI score0.00271EPSS

CVE•added 2019/10/23 7:15 p.m.•88 views

CVE-2019-3982

Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive.

6.5CVSS6.4AI score0.00711EPSS

CVE•added 2019/02/12 4:29 a.m.•49 views

CVE-2019-3923

Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser s...

5.4CVSS5.7AI score0.00187EPSS

CVE•added 2019/12/27 3:15 p.m.•43 views

CVE-2016-1000029

Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).

4.8CVSS5AI score0.00353EPSS

CVE•added 2019/12/27 3:15 p.m.•38 views

CVE-2016-1000028

Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198).

4.8CVSS5AI score0.00311EPSS