Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
tenable

nessus

6 Versions 14 CVEs

Versions

10.7.2

SEMANTIC 2 CVEs

All versions prior to 8.5.0

OTHER 1 CVE

0

SINGLE_NUMBER 11 CVEs

10.5.7

SEMANTIC 1 CVE

6.x before 6.11

OTHER 1 CVE

All versions prior to 7.0.3

OTHER 1 CVE

Recent CVEs

CVE-2024-3290

A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host

HIGH May 17, 2024

CVE-2024-3289

When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.

HIGH May 17, 2024

CVE-2024-2390

As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

HIGH Mar 18, 2024

CVE-2024-0955

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.

MEDIUM Feb 06, 2024

CVE-2023-6062

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.

MEDIUM Nov 20, 2023

CVE-2023-5847

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.

MEDIUM Nov 01, 2023

CVE-2023-3253

An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.

MEDIUM Aug 29, 2023

CVE-2023-3252

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.

MEDIUM Aug 29, 2023

CVE-2023-3251

A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0.

MEDIUM Aug 29, 2023

CVE-2023-2005

Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

MEDIUM Jun 26, 2023