Nessus
by Tenable
CVEs (55)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1000029 | 0.00 | — | 0.01 | Dec 27, 2019 | Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269). | |||
| CVE-2016-1000028 | 0.00 | — | 0.01 | Dec 27, 2019 | Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198). | |||
| CVE-2019-3982 | 0.00 | — | 0.02 | Oct 23, 2019 | Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily… | |||
| CVE-2019-3974 | 0.00 | — | 0.02 | Aug 15, 2019 | Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition. | |||
| CVE-2019-3962 | 0.00 | — | 0.01 | Jul 1, 2019 | Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could… | |||
| CVE-2019-3961 | 0.00 | — | 0.01 | Jun 25, 2019 | Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script… | |||
| CVE-2019-3923 | 0.00 | — | 0.01 | Feb 12, 2019 | Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code… | |||
| CVE-2014-4980 | 0.00 | — | 0.02 | Jul 23, 2014 | The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter. | |||
| CVE-2014-2848 | 0.00 | — | 0.00 | Apr 11, 2014 | A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program. | |||
| CVE-2007-3546 | 0.00 | — | 0.02 | Jul 3, 2007 | Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2006-2093 | 0.00 | — | 0.04 | Apr 29, 2006 | Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by… | |||
| CVE-2004-2722 | 0.00 | — | 0.00 | Dec 31, 2004 | Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue | |||
| CVE-2004-1445 | 0.00 | — | 0.00 | Dec 31, 2004 | A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges. | |||
| CVE-2003-0373 | 0.00 | — | 0.00 | Jun 16, 2003 | Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to… | |||
| CVE-2003-0374 | 0.00 | — | 0.02 | Jun 16, 2003 | Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka "similar issues in other nasl functions as well as in libnessus." |
- CVE-2016-1000029Dec 27, 2019risk 0.00cvss —epss 0.01
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).
- CVE-2016-1000028Dec 27, 2019risk 0.00cvss —epss 0.01
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198).
- CVE-2019-3982Oct 23, 2019risk 0.00cvss —epss 0.02
Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily…
- CVE-2019-3974Aug 15, 2019risk 0.00cvss —epss 0.02
Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.
- CVE-2019-3962Jul 1, 2019risk 0.00cvss —epss 0.01
Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could…
- CVE-2019-3961Jun 25, 2019risk 0.00cvss —epss 0.01
Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script…
- CVE-2019-3923Feb 12, 2019risk 0.00cvss —epss 0.01
Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code…
- CVE-2014-4980Jul 23, 2014risk 0.00cvss —epss 0.02
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.
- CVE-2014-2848Apr 11, 2014risk 0.00cvss —epss 0.00
A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program.
- CVE-2007-3546Jul 3, 2007risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2006-2093Apr 29, 2006risk 0.00cvss —epss 0.04
Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by…
- CVE-2004-2722Dec 31, 2004risk 0.00cvss —epss 0.00
Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue
- CVE-2004-1445Dec 31, 2004risk 0.00cvss —epss 0.00
A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges.
- CVE-2003-0373Jun 16, 2003risk 0.00cvss —epss 0.00
Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to…
- CVE-2003-0374Jun 16, 2003risk 0.00cvss —epss 0.02
Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka "similar issues in other nasl functions as well as in libnessus."
Page 3 of 3