tenable vulnerabilities and exploits

(subscribe to this query)

When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x prior to 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.

Tenable Nessus 6.0.0 Tenable Nessus 6.0.1 Tenable Nessus 6.0.2 Tenable Nessus 6.1.0 Tenable Nessus 6.1.1 Tenable Nessus 6.1.2 Tenable Nessus 6.2.0 Tenable Nessus 6.2.1 Tenable Nessus 6.3.0 Tenable Nessus 6.3.1 Tenable Nessus 6.3.2 Tenable Nessus 6.3.3

Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.

Tenable Appliance 3.4.0 Tenable Appliance 3.5.0 Tenable Appliance 3.5.1 Tenable Appliance 3.10.0 Tenable Appliance 3.10.1 Tenable Appliance 4.0.0 Tenable Appliance 4.1.0 Tenable Appliance 4.2.0 Tenable Appliance 4.3.0 Tenable Appliance 4.3.1 Tenable Appliance 4.4.0

1 EDB exploit

Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local malicious user to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.

Tenable Nessus 6.6.2 Tenable Nessus 6.7 Tenable Nessus 6.8.0 Tenable Nessus 6.8.1 Tenable Nessus 6.9.0 Tenable Nessus 6.9.1 Tenable Nessus 6.9.2 Tenable Nessus 6.9.3 Tenable Nessus 6.10.0 Tenable Nessus 6.10.1 Tenable Nessus 6.10.2 Tenable Nessus 6.10.3

9 Github repositories

Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a ...

Tenable Tenable.io Tenable Nessus Tenable Security Center Tenable Nessus -Tenable Securitycenter -Tenable Tenable.io -

The /server/properties resource in Tenable Web UI prior to 2.3.5 for Nessus 5.2.3 up to and including 5.2.7 allows remote malicious users to obtain sensitive information via the token parameter.

Tenable Nessus 5.2.3 Tenable Nessus 5.2.4 Tenable Nessus 5.2.5 Tenable Nessus 5.2.6 Tenable Nessus 5.2.7 Tenable Web Ui

Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated malicious users to inject arbitrary web script or HTML via unspecified vectors.

Tenable Nessus 6.8.0 Tenable Nessus 6.8.1 Tenable Nessus 6.9.0 Tenable Nessus 6.9.1 Tenable Nessus 6.9.2

Nessus 6.10.x prior to 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.

Tenable Nessus 6.10.0 Tenable Nessus 6.10.1 Tenable Nessus 6.10.2 Tenable Nessus 6.10.3 Tenable Nessus 6.10.4

Nessus 6.10.x prior to 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.

Tenable Nessus 6.10.0 Tenable Nessus 6.10.1 Tenable Nessus 6.10.2 Tenable Nessus 6.10.3 Tenable Nessus 6.10.4

Cross-site scripting (XSS) vulnerability in Tenable Nessus prior to 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Tenable Nessus 6.8 Tenable Nessus 6.8.1 Tenable Nessus 6.8.2 Tenable Nessus 6.9

As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have re...

* Tenable.io, Tenable.sc, Nessus Tenable Nessus -Tenable Tenable.io -Tenable Tenable.sc -

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook