Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tenable nessus - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-33757
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instanc...
Tenable Nessus
3.5
CVSSv2
CVE-2018-1147
In Nessus prior to 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser sess...
Tenable Nessus
4
CVSSv2
CVE-2018-1148
In Nessus prior to 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change.
Tenable Nessus
NA
CVE-2023-0101
A privilege escalation vulnerability was identified in Nessus versions 8.10.1 up to and including 8.15.8 and 10.0.0 up to and including 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the N...
Tenable Nessus
3.5
CVSSv2
CVE-2017-5179
Cross-site scripting (XSS) vulnerability in Tenable Nessus prior to 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Tenable Nessus
4.4
CVSSv2
CVE-2018-1141
When installing Nessus to a directory outside of the default location, Nessus versions before 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.
Tenable Nessus
7.2
CVSSv2
CVE-2021-20117
Nessus Agent 8.3.0 and previous versions was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118.
Tenable Nessus Agent
7.2
CVSSv2
CVE-2021-20118
Nessus Agent 8.3.0 and previous versions was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.
Tenable Nessus Agent
5
CVSSv2
CVE-2017-18214
The moment module prior to 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
Momentjs Moment
Tenable Nessus
4 Github repositories
7.2
CVSSv2
CVE-2021-20077
Nessus Agent versions 7.2.0 up to and including 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged malicious user to obtain the ...
Tenable Nessus Agent
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »