Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tenable vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2018-1147
In Nessus prior to 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser sess...
Tenable Nessus
756
VMScore
CVE-2021-20106
Nessus Agent versions 8.2.5 and previous versions were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
Tenable Nessus
356
VMScore
CVE-2018-1148
In Nessus prior to 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change.
Tenable Nessus
578
VMScore
CVE-2021-20076
Tenable.sc and Tenable.sc Core versions 5.13.0 up to and including 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.
Tenable Tenable.sc
756
VMScore
CVE-2019-3974
Nessus 8.5.2 and previous versions on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.
Tenable Nessus
801
VMScore
CVE-2022-32973
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
Tenable Nessus
NA
CVE-2022-3499
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.
Tenable Nessus
294
VMScore
CVE-2018-1154
In SecurityCenter versions before 5.7.0, a username enumeration issue could allow an unauthenticated malicious user to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this ...
Tenable Securitycenter
312
VMScore
CVE-2018-1155
In SecurityCenter versions before 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated malicious user to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented t...
Tenable Securitycenter
NA
CVE-2023-24493
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve...
Tenable Tenable.sc
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5841
file upload
man-in-the-middle
arbitrary
CVE-2024-27801
CVE-2024-28020
CVE-2024-30080
CVE-2024-30069
CVE-2024-5843
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »