Vulnerabilities > Tenable > Nessus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-01 | CVE-2023-0524 | Unspecified vulnerability in Tenable Nessus, Tenable.Io and Tenable.Sc As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. | 8.8 |
| 2023-01-20 | CVE-2023-0101 | Improper Privilege Management vulnerability in Tenable Nessus A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. | 8.8 |
| 2022-10-31 | CVE-2022-3499 | Information Exposure Through Log Files vulnerability in Tenable Nessus An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present. | 6.5 |
| 2022-10-25 | CVE-2022-33757 | Unspecified vulnerability in Tenable Nessus An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. | 6.5 |
| 2022-10-17 | CVE-2022-28291 | Insufficiently Protected Credentials vulnerability in Tenable Nessus Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. | 6.5 |
| 2022-06-21 | CVE-2022-32973 | Unspecified vulnerability in Tenable Nessus An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. | 9.0 |
| 2022-06-21 | CVE-2022-32974 | Unspecified vulnerability in Tenable Nessus An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials. | 4.0 |
| 2022-03-15 | CVE-2022-0778 | Infinite Loop vulnerability in multiple products The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. | 7.5 |
| 2022-01-26 | CVE-2022-23990 | Integer Overflow or Wraparound vulnerability in multiple products Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | 7.5 |
| 2022-01-24 | CVE-2022-23852 | Integer Overflow or Wraparound vulnerability in multiple products Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | 9.8 |