Vulnerabilities > Tenable > Nessus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-20 | CVE-2018-1141 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. | 4.4 |
| 2018-03-04 | CVE-2017-18214 | Resource Exhaustion vulnerability in multiple products The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | 5.0 |
| 2017-08-09 | CVE-2017-11506 | Improper Certificate Validation vulnerability in Tenable Nessus When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. | 5.8 |
| 2017-05-12 | CVE-2017-2122 | Cross-site Scripting vulnerability in Tenable Nessus Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2017-04-19 | CVE-2017-7850 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. | 7.2 |
| 2017-04-19 | CVE-2017-7849 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. | 2.1 |
| 2017-03-23 | CVE-2017-7199 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. | 7.2 |
| 2017-03-08 | CVE-2017-6543 | Unspecified vulnerability in Tenable Appliance and Nessus Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. | 6.0 |
| 2017-02-28 | CVE-2016-9259 | Cross-site Scripting vulnerability in Tenable Nessus Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2017-01-31 | CVE-2016-9260 | Cross-site Scripting vulnerability in Tenable Nessus Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. | 3.5 |