Nessus AMI
by Nessus AMI
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-3974 | Hig | 0.53 | 8.1 | 0.02 | Aug 15, 2019 | Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition. | ||
| CVE-2025-24914 | Hig | 0.51 | 7.8 | 0.00 | Apr 18, 2025 | When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation… | ||
| CVE-2020-5774 | Hig | 0.46 | 7.1 | 0.00 | Aug 21, 2020 | Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session. | ||
| CVE-2019-3982 | Med | 0.42 | 6.5 | 0.02 | Oct 23, 2019 | Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily… | ||
| CVE-2019-3961 | Med | 0.40 | 6.1 | 0.01 | Jun 25, 2019 | Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script… | ||
| CVE-2020-5812 | Med | 0.38 | 5.9 | 0.01 | Feb 6, 2021 | Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | ||
| CVE-2019-3923 | Med | 0.35 | 5.4 | 0.01 | Feb 12, 2019 | Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code… | ||
| CVE-2025-36625 | Med | 0.28 | 4.3 | 0.00 | Apr 18, 2025 | In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application. |
- risk 0.53cvss 8.1epss 0.02
Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.
- risk 0.51cvss 7.8epss 0.00
When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation…
- risk 0.46cvss 7.1epss 0.00
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session.
- risk 0.42cvss 6.5epss 0.02
Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily…
- risk 0.40cvss 6.1epss 0.01
Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script…
- risk 0.38cvss 5.9epss 0.01
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
- risk 0.35cvss 5.4epss 0.01
Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code…
- risk 0.28cvss 4.3epss 0.00
In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application.