Vulnerabilities > Tenable > Nessus

DATE CVE VULNERABILITY TITLE RISK
2019-10-23 CVE-2019-3982 Improper Input Validation vulnerability in Tenable Nessus
Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types.
network
low complexity
tenable CWE-20
6.5
2019-08-15 CVE-2019-3974 Unspecified vulnerability in Tenable Nessus
Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.
network
low complexity
tenable
8.1
2019-07-01 CVE-2019-3962 Cross-site Scripting vulnerability in Tenable Nessus
Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages.
local
low complexity
tenable CWE-79
3.3
2019-06-25 CVE-2019-3961 Cross-site Scripting vulnerability in Tenable Nessus
Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input.
network
low complexity
tenable CWE-79
6.1
2019-06-24 CVE-2018-20843 XXE vulnerability in multiple products
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
7.5
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2019-02-12 CVE-2019-3923 Cross-site Scripting vulnerability in Tenable Nessus
Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input.
network
low complexity
tenable CWE-79
5.4
2018-11-15 CVE-2018-5407 Information Exposure Through Discrepancy vulnerability in multiple products
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
4.7
2018-05-18 CVE-2018-1148 Session Fixation vulnerability in Tenable Nessus
In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application.
network
low complexity
tenable CWE-384
6.5
2018-05-18 CVE-2018-1147 Cross-site Scripting vulnerability in Tenable Nessus
In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation.
network
low complexity
tenable CWE-79
5.4