Version 0

11 CVEs

Known Vulnerabilities

CVE-2024-3290

A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host.

HIGH CVSS 8.2 Published May 17, 2024

CVE-2024-3289

When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.

HIGH CVSS 7.8 Published May 17, 2024

CVE-2024-2390

As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

HIGH CVSS 7.8 Published Mar 18, 2024

CVE-2024-0971

A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.

MEDIUM CVSS 6.5 Published Feb 06, 2024

CVE-2024-0955

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.

MEDIUM CVSS 4.8 Published Feb 06, 2024

CVE-2023-6062

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.

MEDIUM CVSS 6.8 Published Nov 20, 2023

CVE-2023-5847

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.

MEDIUM CVSS 6.7 Published Nov 01, 2023

CVE-2023-3253

An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.

MEDIUM CVSS 4.3 Published Aug 29, 2023

CVE-2023-3252

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.

MEDIUM CVSS 6.8 Published Aug 29, 2023

CVE-2023-3251

A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application. This issue affects Nessus: before 10.6.0.

MEDIUM CVSS 4.1 Published Aug 29, 2023

CVE-2023-2005

Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center. This issue affects Tenable.Io: before Plugin Feed ID #202306261202; Nessus: before Plugin Feed ID #202306261202; Security Center: before Plugin Feed ID #202306261202. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

MEDIUM CVSS 6.3 Published Jun 26, 2023