Vulnerabilities > Tenable

DATE CVE VULNERABILITY TITLE RISK
2017-05-12 CVE-2017-2122 Cross-site Scripting vulnerability in Tenable Nessus
Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
network
tenable CWE-79
3.5
2017-04-21 CVE-2017-8051 OS Command Injection vulnerability in Tenable Appliance
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI.
network
low complexity
tenable CWE-78
critical
10.0
2017-04-21 CVE-2017-8050 Unspecified vulnerability in Tenable Appliance
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.
network
low complexity
tenable
5.0
2017-04-19 CVE-2017-7850 Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.
local
low complexity
tenable CWE-732
7.2
2017-04-19 CVE-2017-7849 Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.
local
low complexity
tenable CWE-732
2.1
2017-03-23 CVE-2017-7199 Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode.
local
low complexity
tenable CWE-732
7.2
2017-03-08 CVE-2017-6543 Unspecified vulnerability in Tenable Appliance and Nessus
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system.
network
tenable microsoft
6.0
2017-02-28 CVE-2016-9261 Cross-site Scripting vulnerability in Tenable LOG Correlation Engine 4.8.0
Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
tenable CWE-79
3.5
2017-02-28 CVE-2016-9259 Cross-site Scripting vulnerability in Tenable Nessus
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
tenable CWE-79
3.5
2017-01-31 CVE-2016-9260 Cross-site Scripting vulnerability in Tenable Nessus
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.
network
tenable CWE-79
3.5