Vulnerabilities > Tenable

DATE | CVE | VULNERABILITY TITLE | RISK

2020-12-21 | CVE-2020-5808 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Tenable.Sc 5.14.0/5.14.1 | 5.0
In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.
Tags: network, low complexity, tenable, CWE-732

2020-11-06 | CVE-2020-5794 | Unspecified vulnerability in Tenable Nessus Network Monitor 5.11.0/5.11.1/5.12.0 | 4.6
A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory.
Tags: local, low complexity, tenable

2020-11-05 | CVE-2020-5793 | Unspecified vulnerability in Tenable Nessus and Nessus Agent | 7.2
A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory.
Tags: local, low complexity, tenable

2020-08-21 | CVE-2020-5774 | Insufficient Session Expiration vulnerability in Tenable Nessus | 3.6
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios.
Tags: local, low complexity, tenable, CWE-613

2020-07-15 | CVE-2020-5765 | Cross-Site Scripting vulnerability in Tenable Nessus | 3.5
Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration.
Tags: network, tenable, CWE-79

2020-04-17 | CVE-2020-5737 | Cross-Site Scripting vulnerability in Tenable Tenable.Sc 5.14.0/5.14.1 | 3.5
Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session.
Tags: network, tenable, CWE-79

2019-12-27 | CVE-2016-1000029 | Cross-Site Scripting vulnerability in Tenable Nessus | 3.5
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).
Tags: network, tenable, CWE-79

2019-12-27 | CVE-2016-1000028 | Cross-Site Scripting vulnerability in Tenable Nessus | 3.5
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins.
Tags: network, tenable, CWE-79

2019-10-23 | CVE-2019-3982 | Improper Input Validation vulnerability in Tenable Nessus | 4.0
Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types.
Tags: network, low complexity, tenable, CWE-20

2019-08-15 | CVE-2019-3974 | Unspecified vulnerability in Tenable Nessus | 8.5
Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.
Tags: network, low complexity, tenable, microsoft