Tenable Nessus vulnerabilities
68 known vulnerabilities affecting tenable/nessus.
Total CVEs: 68
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 28, MEDIUM 35, LOW 1
Vulnerabilities
Page 3 of 4
CVE-2020-5774 | HIGH | CVSS 7.1 | CWE-613 | ≤ 8.11.0 | 2020-08-21
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to log in to an existing browser session.
nvd
CVE-2020-5765 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 8.10.0 | 2020-07-15
Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional input validation mechanisms to correct this issue in Ne
nvd
CVE-2016-1000029 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 6.8.0 | 2019-12-27
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).
nvd
CVE-2016-1000028 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 6.8.0 | 2019-12-27
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198).
nvd
CVE-2019-3982 | MEDIUM | CVSS 6.5 | CWE-20 | ≤ 8.6.0 | 2019-10-23
Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive.
nvd
CVE-2019-3974 | HIGH | CVSS 8.1 | ≤ 8.5.2 | 2019-08-15
Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.
nvd
CVE-2019-3962 | LOW | CVSS 3.3 | CWE-79 | fixed in 8.5.0 | All versions prior to 8.5.0 | 2019-07-01
Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed statu
cvelistv5, nvd
CVE-2019-3961 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 8.4.0 | 2019-06-25
Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session.
nvd
CVE-2018-20843 | HIGH | CVSS 7.5 | CWE-611 | fixed in 8.15.0 | 2019-06-24
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
nvd
CVE-2019-1559 | MEDIUM | CVSS 5.9 | CWE-203 | ≤ 8.2.3 | 2019-02-27
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behave
nvd
CVE-2019-3923 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 8.2.1 | 2019-02-12
Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. Tenable has released Nessus 8.2.2 to address th
nvd
CVE-2018-5407 | MEDIUM | CVSS 4.7 | CWE-200 | PoC | fixed in 8.1.1 | 2018-11-15
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
nvd
CVE-2018-1148 | MEDIUM | CVSS 6.5 | CWE-384 | fixed in 7.1.0 | 2018-05-18
In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change.
nvd
CVE-2018-1147 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 7.1.0 | 2018-05-18
In Nessus before 7.1.0, an XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, XSS could also occur by altering variables from the Adva
nvd
CVE-2018-1141 | HIGH | CVSS 7.0 | CWE-732 | fixed in 7.0.3 | All versions prior to 7.0.3 | 2018-03-20
When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.
cvelistv5, nvd
CVE-2017-18214 | HIGH | CVSS 7.5 | ≤ 8.2.3 | 2018-03-04
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
nvd
CVE-2017-11506 | HIGH | CVSS 7.4 | CWE-295 | v6.0.0, v6.0.1 +46 more | 2017-08-09
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.
cvelistv5, nvd
CVE-2017-2122 | MEDIUM | CVSS 5.4 | CWE-79 | v6.8.0, v6.8.1 +3 more | 2017-05-12
Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2017-7850 | HIGH | CVSS 7.8 | CWE-732 | v6.10.0, v6.10.1 +3 more | 2017-04-19
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.
nvd
CVE-2017-7849 | MEDIUM | CVSS 5.5 | CWE-732 | v6.10.0, v6.10.1 +3 more | 2017-04-19
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.
nvd