Vulnerabilities > Tenable > Nessus > 6.10.8

DATE CVE VULNERABILITY TITLE RISK
2018-11-15 CVE-2018-5407 Information Exposure Through Discrepancy vulnerability in multiple products
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
4.7
2018-05-18 CVE-2018-1148 Session Fixation vulnerability in Tenable Nessus
In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application.
network
low complexity
tenable CWE-384
6.5
2018-05-18 CVE-2018-1147 Cross-site Scripting vulnerability in Tenable Nessus
In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation.
network
low complexity
tenable CWE-79
5.4
2018-03-20 CVE-2018-1141 Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus
When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories.
local
high complexity
tenable CWE-732
7.0
2018-03-04 CVE-2017-18214 Resource Exhaustion vulnerability in multiple products
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
network
low complexity
momentjs tenable CWE-400
7.5
2017-08-09 CVE-2017-11506 Improper Certificate Validation vulnerability in Tenable Nessus
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection.
network
high complexity
tenable CWE-295
7.4
2017-01-23 CVE-2016-4055 Resource Exhaustion vulnerability in multiple products
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
network
low complexity
momentjs tenable oracle CWE-400
6.5