Vulnerabilities > Tenable

DATE CVE VULNERABILITY TITLE RISK
2018-03-20 CVE-2018-1141 Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus
When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories.
4.4
2018-03-04 CVE-2017-18214 Resource Exhaustion vulnerability in multiple products
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
network
low complexity
momentjs tenable CWE-400
5.0
2017-11-02 CVE-2017-11508 SQL Injection vulnerability in Tenable Securitycenter 5.5.0/5.5.1/5.5.2
SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans.
network
low complexity
tenable CWE-89
6.5
2017-08-09 CVE-2017-11506 Improper Certificate Validation vulnerability in Tenable Nessus
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection.
network
tenable CWE-295
5.8
2017-05-12 CVE-2017-2122 Cross-site Scripting vulnerability in Tenable Nessus
Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
network
tenable CWE-79
3.5
2017-04-21 CVE-2017-8051 OS Command Injection vulnerability in Tenable Appliance
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI.
network
low complexity
tenable CWE-78
critical
10.0
2017-04-21 CVE-2017-8050 Unspecified vulnerability in Tenable Appliance
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.
network
low complexity
tenable
5.0
2017-04-19 CVE-2017-7850 Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.
local
low complexity
tenable CWE-732
7.2
2017-04-19 CVE-2017-7849 Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.
local
low complexity
tenable CWE-732
2.1
2017-03-23 CVE-2017-7199 Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode.
local
low complexity
tenable CWE-732
7.2