Tenable Nessus vulnerabilities
68 known vulnerabilities affecting tenable/nessus.
Total CVEs: 68
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 28, MEDIUM 35, LOW 1
Vulnerabilities
Page 4 of 4
CVE-2017-7199 | HIGH | CVSS 7.8 | CWE-732 | v6.6.2, v6.7, +10 more | 2017-03-23
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.
nvd
CVE-2017-6543 | HIGH | CVSS 7.3 | ≤ 6.10.1 | 2017-03-08
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installatio
nvd
CVE-2016-9259 | MEDIUM | CVSS 5.4 | CWE-79 | v6.8, v6.8.1, +2 more | 2017-02-28
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2016-9260 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 6.8.1 | 2017-01-31
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.
nvd
CVE-2016-4055 | MEDIUM | CVSS 6.5 | CWE-400 | ≤ 8.2.3 | 2017-01-23
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
nvd
CVE-2017-5179 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 6.9.2 | 2017-01-05
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2014-4980 | MEDIUM | CVSS 5.0 | CWE-200 | v5.2.3, v5.2.4, +3 more | 2014-07-23
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.
nvd
CVE-2014-2848 | MEDIUM | CVSS 6.9 | CWE-362 | v5.2.1 | 2014-04-11
A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program.
nvd