Vulnerabilities > Tenable > Nessus > 5.2.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-25 | CVE-2021-3449 | NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. | 5.9 |
| 2020-08-21 | CVE-2020-5774 | Insufficient Session Expiration vulnerability in Tenable Nessus Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. | 3.6 |
| 2020-07-15 | CVE-2020-5765 | Cross-site Scripting vulnerability in Tenable Nessus Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. | 3.5 |
| 2019-12-27 | CVE-2016-1000029 | Cross-site Scripting vulnerability in Tenable Nessus Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269). | 3.5 |
| 2019-12-27 | CVE-2016-1000028 | Cross-site Scripting vulnerability in Tenable Nessus Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. | 3.5 |
| 2019-10-23 | CVE-2019-3982 | Improper Input Validation vulnerability in Tenable Nessus Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. | 4.0 |
| 2019-08-15 | CVE-2019-3974 | Unspecified vulnerability in Tenable Nessus Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition. | 8.5 |
| 2019-07-01 | CVE-2019-3962 | Cross-site Scripting vulnerability in Tenable Nessus Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. | 4.3 |
| 2019-06-25 | CVE-2019-3961 | Cross-site Scripting vulnerability in Tenable Nessus Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. | 4.3 |
| 2019-06-24 | CVE-2018-20843 | XXE vulnerability in multiple products In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). network low complexity libexpat-project canonical debian fedoraproject opensuse oracle tenable CWE-611 | 7.5 |