CVE-2024-3291
Published 2024-05-17
Priority: P3, 40 | high | 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.18% (7.1th percentile)
When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenable | nessus_agent | < 10.6.4 | 10.6.4 |
No detection rules found.
No public exploits indexed.
Tenable
[R1] Nessus Agent Version 10.6.4 Fixes Multiple Vulnerabilities
blogs_tenable·2024-05-16
Bugzilla
CVE-2024-27062 kernel: nouveau: lock the client object tree.
bugzilla·2024-05-01·CVSS 5.5
CVE-2024-27062 [MEDIUM] kernel: nouveau: lock the client object tree.
In the Linux kernel, the following vulnerability has been resolved:
nouveau: lock the client object tree.
The Linux kernel CVE team has assigned CVE-2024-27062 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-27062-3291@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2278388]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:5067 https://access.redhat.com/errata/RHSA-2024:5067
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:5066 https://access.redhat.com/errata/RHSA-2024