Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tenable vulnerabilities and exploits
(subscribe to this query)
7
CVSSv3
CVE-2018-1141
When installing Nessus to a directory outside of the default location, Nessus versions before 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.
Tenable Nessus
5.4
CVSSv3
CVE-2023-24494
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary sc...
Tenable Tenable.sc
8.8
CVSSv3
CVE-2023-0101
A privilege escalation vulnerability was identified in Nessus versions 8.10.1 up to and including 8.15.8 and 10.0.0 up to and including 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the N...
Tenable Nessus
6.5
CVSSv3
CVE-2023-24495
A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.
Tenable Tenable.sc
7.5
CVSSv3
CVE-2017-8050
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.
Tenable Appliance
8.8
CVSSv3
CVE-2021-20076
Tenable.sc and Tenable.sc Core versions 5.13.0 up to and including 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.
Tenable Tenable.sc
6.7
CVSSv3
CVE-2021-20100
Nessus Agent 8.2.4 and previous versions for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099.
Tenable Nessus
4.8
CVSSv3
CVE-2016-1000028
Tenable Nessus prior to 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198).
Tenable Nessus
7.1
CVSSv3
CVE-2020-5774
Nessus versions 8.11.0 and previous versions were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session.
Tenable Nessus
1 Github repository
7.5
CVSSv3
CVE-2020-5808
In certain scenarios in Tenable.sc before 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.
Tenable Tenable.sc
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »