Product:

Nessus

(Tenable)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 22
Date ID Summary Products Score Patch
2017-04-19 CVE-2017-7850 Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. Nessus 7.8
2017-04-19 CVE-2017-7849 Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. Nessus 5.5
2017-03-23 CVE-2017-7199 Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue. Nessus 7.8
2017-03-08 CVE-2017-6543 Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows. Appliance, Nessus 7.3
2019-08-15 CVE-2019-3974 Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition. Nessus 8.1
2017-01-23 CVE-2016-4055 The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." Moment, Nessus 6.5
2018-11-15 CVE-2018-5407 Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. Ubuntu_linux, Debian_linux, Node\.js, Openssl, Api_gateway, Application_server, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql_enterprise_backup, Peoplesoft_enterprise_peopletools, Primavera_p6_enterprise_project_portfolio_management, Tuxedo, Vm_virtualbox, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Nessus 4.7
2019-07-01 CVE-2019-3962 Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed status, which will remain saved post session expiration. Nessus 3.3
2019-06-25 CVE-2019-3961 Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a users browser session. Nessus 6.1
2019-02-27 CVE-2019-1559 If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt... Ubuntu_linux, Debian_linux, Traffix_signaling_delivery_controller, Element_software, Hyper_converged_infrastructure, Oncommand_unified_manager, Oncommand_workflow_automation, Ontap_select_deploy, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Snapcenter, Snapdrive, Steelstore_cloud_integrated_storage, Storage_automation_store, Storagegrid, Openssl, Leap, Nessus 5.9