Tenable

Nessus

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.3

CVE-2023-5847

  • EPSS 0.05%
  • Veröffentlicht 01.11.2023 16:15:08
  • Zuletzt bearbeitet 21.11.2024 08:42:37

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.

4.3

CVE-2023-3253

  • EPSS 0.21%
  • Veröffentlicht 29.08.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:16:48

An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.

6.5

CVE-2023-3252

  • EPSS 0.21%
  • Veröffentlicht 29.08.2023 19:15:27
  • Zuletzt bearbeitet 21.11.2024 08:16:48

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service c...

4.9

CVE-2023-3251

  • EPSS 0.16%
  • Veröffentlicht 29.08.2023 19:15:27
  • Zuletzt bearbeitet 21.11.2024 08:16:48

A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0.

8.8

CVE-2023-2005

  • EPSS 0.07%
  • Veröffentlicht 26.06.2023 18:15:09
  • Zuletzt bearbeitet 03.12.2024 19:15:06

Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . Th...

8.8

CVE-2022-4313

  • EPSS 0.22%
  • Veröffentlicht 15.03.2023 23:15:09
  • Zuletzt bearbeitet 27.02.2025 19:15:47

A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan t...

8.8

CVE-2023-0524

  • EPSS 0.14%
  • Veröffentlicht 01.02.2023 03:15:08
  • Zuletzt bearbeitet 27.03.2025 15:15:42

As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to e...

8.8

CVE-2023-0101

  • EPSS 0.14%
  • Veröffentlicht 20.01.2023 19:15:17
  • Zuletzt bearbeitet 02.04.2025 15:15:50

A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on...

6.5

CVE-2022-3499

  • EPSS 0.43%
  • Veröffentlicht 31.10.2022 20:15:12
  • Zuletzt bearbeitet 05.05.2025 15:15:48

An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.

6.5

CVE-2022-33757

  • EPSS 0.28%
  • Veröffentlicht 25.10.2022 17:15:53
  • Zuletzt bearbeitet 07.05.2025 14:15:31

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties ab...