Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nessus nessus vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2021-20118
Nessus Agent 8.3.0 and previous versions was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.
Tenable Nessus Agent
7.8
CVSSv2
CVE-2016-4055
The duration function in the moment package prior to 2.11.2 for Node.js allows remote malicious users to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
Momentjs Moment
Tenable Nessus
Oracle Primavera Unifier
2 Github repositories
4
CVSSv2
CVE-2018-1148
In Nessus prior to 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change.
Tenable Nessus
9
CVSSv2
CVE-2022-32973
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
Tenable Nessus
4
CVSSv2
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
Tenable Nessus
NA
CVE-2024-0955
A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.
Tenable Nessus
4.3
CVSSv2
CVE-2019-3962
Content Injection vulnerability in Tenable Nessus before 8.5.0 may allow an authenticated, local malicious user to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation cou...
Tenable Nessus
3.5
CVSSv2
CVE-2016-9260
Cross-site scripting (XSS) vulnerability in Tenable Nessus prior to 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.
Tenable Nessus
NA
CVE-2022-3499
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.
Tenable Nessus
3.6
CVSSv2
CVE-2020-5774
Nessus versions 8.11.0 and previous versions were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session.
Tenable Nessus
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »