Tenable

Nessus

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.4

CVE-2025-36630

Medienbericht
  • EPSS 0.02%
  • Veröffentlicht 01.07.2025 23:11:13
  • Zuletzt bearbeitet 03.07.2025 15:14:12

In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

4.3

CVE-2025-36625

  • EPSS 0.04%
  • Veröffentlicht 18.04.2025 19:17:30
  • Zuletzt bearbeitet 21.04.2025 14:23:45

In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application.

7.8

CVE-2025-24914

  • EPSS 0.01%
  • Veröffentlicht 18.04.2025 18:18:02
  • Zuletzt bearbeitet 21.04.2025 14:23:45

When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in th...

8.2

CVE-2024-3290

  • EPSS 0.09%
  • Veröffentlicht 17.05.2024 17:15:07
  • Zuletzt bearbeitet 21.11.2024 09:29:19

A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host

7.8

CVE-2024-3289

  • EPSS 0.1%
  • Veröffentlicht 17.05.2024 17:15:07
  • Zuletzt bearbeitet 21.11.2024 09:29:19

When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured ...

7.8

CVE-2024-2390

  • EPSS 0.07%
  • Veröffentlicht 18.03.2024 16:15:09
  • Zuletzt bearbeitet 21.11.2024 09:09:39

As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific fi...

4.8

CVE-2024-0955

  • EPSS 0.1%
  • Veröffentlicht 07.02.2024 00:15:55
  • Zuletzt bearbeitet 21.11.2024 08:47:52

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.

6.5

CVE-2024-0971

  • EPSS 0.13%
  • Veröffentlicht 07.02.2024 00:15:55
  • Zuletzt bearbeitet 21.11.2024 08:47:55

A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.

6.5

CVE-2023-6178

  • EPSS 0.1%
  • Veröffentlicht 20.11.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 08:43:17

An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service cond...

6.5

CVE-2023-6062

  • EPSS 0.21%
  • Veröffentlicht 20.11.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 08:43:04

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a de...