Note: This project will be discontinued after December 13, 2021.
Product: Nessus (Tenable)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 64 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-05-18 | CVE-2018-1148 | In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change. | Nessus | 6.5 | ||
2018-05-18 | CVE-2018-1147 | In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, XSS could also occur by altering variables from the Advanced Settings. | Nessus | 5.4 | ||
2018-03-20 | CVE-2018-1141 | When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location. | Nessus | 7.0 | ||
2017-01-05 | CVE-2017-5179 | Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | Nessus | 5.4 | ||
2017-05-12 | CVE-2017-2122 | Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | Nessus | 5.4 | ||
2017-08-09 | CVE-2017-11506 | When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks. | Nessus | 7.4 | ||
2017-01-31 | CVE-2016-9260 | Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. | Nessus | 5.4 | ||
2017-02-28 | CVE-2016-9259 | Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | Nessus | 5.4 | ||
2014-07-23 | CVE-2014-4980 | The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter. | Nessus, Web_ui | N/A | ||
2014-04-11 | CVE-2014-2848 | A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program. | Nessus, Plugin-Set | N/A | ||