Vulnerabilities > Tenable > Nessus Network Monitor > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-10-26 | CVE-2023-5622 | Improper Privilege Management vulnerability in Tenable Nessus Network Monitor 5.11.0/5.11.1/5.12.0 | Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file. | network, low complexity, tenable CWE-269, 8.8 |
| 2023-10-26 | CVE-2023-5623 | Code Injection vulnerability in Tenable Nessus Network Monitor | NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location. | local, low complexity, tenable CWE-94, 7.8 |
| 2023-10-26 | CVE-2023-5624 | Improper Input Validation vulnerability in Tenable Nessus Network Monitor | Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. | network, low complexity, tenable CWE-20, 7.2 |
| 2021-08-24 | CVE-2021-3712 | Out-of-bounds Read vulnerability in multiple products | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. | 7.4 |
| 2021-03-25 | CVE-2021-3450 | Improper Certificate Validation vulnerability in multiple products | The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. | 7.4 |
| 2021-02-16 | CVE-2021-23840 | Integer Overflow or Wraparound vulnerability in multiple products | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. | 7.5 |
| 2020-11-06 | CVE-2020-5794 | Unspecified vulnerability in Tenable Nessus Network Monitor 5.11.0/5.11.1/5.12.0 | A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. | local, low complexity, tenable, 7.8 |