Product:

Nessus

(Tenable)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 27
Date ID Summary Products Score Patch
2020-08-21 CVE-2020-5774 Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session. Nessus N/A
2019-02-27 CVE-2019-1559 If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt... Ubuntu_linux, Debian_linux, Traffix_signaling_delivery_controller, Element_software, Hyper_converged_infrastructure, Oncommand_unified_manager, Oncommand_workflow_automation, Ontap_select_deploy, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Snapcenter, Snapdrive, Steelstore_cloud_integrated_storage, Storage_automation_store, Storagegrid, Openssl, Leap, Nessus 5.9
2020-07-15 CVE-2020-5765 Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional input validation mechanisms to correct this issue in Nessus 8.11.0. Nessus N/A
2019-12-27 CVE-2016-1000029 Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269). Nessus N/A
2019-12-27 CVE-2016-1000028 Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198). Nessus N/A
2019-10-23 CVE-2019-3982 Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive. Nessus N/A
2017-04-19 CVE-2017-7850 Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. Nessus 7.8
2017-04-19 CVE-2017-7849 Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. Nessus 5.5
2017-03-23 CVE-2017-7199 Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue. Nessus 7.8
2017-03-08 CVE-2017-6543 Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows. Appliance, Nessus 7.3