VYPR
Vendor

Nessus AMI

Products
1
CVEs
8
Across products
8
Status
Private

Products

1

Recent CVEs

8
  • CVE-2019-3974HigAug 15, 2019
    risk 0.53cvss 8.1epss 0.02

    Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.

  • CVE-2025-24914HigApr 18, 2025
    risk 0.51cvss 7.8epss 0.00

    When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation…

  • CVE-2020-5774HigAug 21, 2020
    risk 0.46cvss 7.1epss 0.00

    Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session.

  • CVE-2019-3982MedOct 23, 2019
    risk 0.42cvss 6.5epss 0.02

    Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily…

  • CVE-2019-3961MedJun 25, 2019
    risk 0.40cvss 6.1epss 0.01

    Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script…

  • CVE-2020-5812MedFeb 6, 2021
    risk 0.38cvss 5.9epss 0.01

    Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.

  • CVE-2019-3923MedFeb 12, 2019
    risk 0.35cvss 5.4epss 0.01

    Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code…

  • CVE-2025-36625MedApr 18, 2025
    risk 0.28cvss 4.3epss 0.00

    In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application.