Vulnerabilities > Tenable > Nessus > 5.2.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |
| 2019-02-12 | CVE-2019-3923 | Cross-site Scripting vulnerability in Tenable Nessus Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. | 3.5 |
| 2018-11-15 | CVE-2018-5407 | Information Exposure Through Discrepancy vulnerability in multiple products Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | 4.7 |
| 2018-05-18 | CVE-2018-1148 | Session Fixation vulnerability in Tenable Nessus In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. | 4.0 |
| 2018-05-18 | CVE-2018-1147 | Cross-site Scripting vulnerability in Tenable Nessus In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. | 3.5 |
| 2018-03-20 | CVE-2018-1141 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. | 4.4 |
| 2018-03-04 | CVE-2017-18214 | Resource Exhaustion vulnerability in multiple products The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | 5.0 |
| 2017-03-08 | CVE-2017-6543 | Unspecified vulnerability in Tenable Appliance and Nessus Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. | 6.0 |
| 2017-01-31 | CVE-2016-9260 | Cross-site Scripting vulnerability in Tenable Nessus Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. | 3.5 |
| 2017-01-23 | CVE-2016-4055 | Resource Exhaustion vulnerability in multiple products The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." | 6.5 |