Tenable

Nessus

70 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.4

CVE-2025-36630

Media report
  • EPSS 0.02%
  • Published 01.07.2025 23:11:13
  • Last modified 03.07.2025 15:14:12

In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

4.3

CVE-2025-36625

  • EPSS 0.04%
  • Published 18.04.2025 19:17:30
  • Last modified 21.04.2025 14:23:45

In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application.

7.8

CVE-2025-24914

  • EPSS 0.01%
  • Published 18.04.2025 18:18:02
  • Last modified 21.04.2025 14:23:45

When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in th...

8.2

CVE-2024-3290

  • EPSS 0.09%
  • Published 17.05.2024 17:15:07
  • Last modified 21.11.2024 09:29:19

A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host

7.8

CVE-2024-3289

  • EPSS 0.1%
  • Published 17.05.2024 17:15:07
  • Last modified 21.11.2024 09:29:19

When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured ...

7.8

CVE-2024-2390

  • EPSS 0.07%
  • Published 18.03.2024 16:15:09
  • Last modified 21.11.2024 09:09:39

As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific fi...

4.8

CVE-2024-0955

  • EPSS 0.1%
  • Published 07.02.2024 00:15:55
  • Last modified 21.11.2024 08:47:52

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.

6.5

CVE-2024-0971

  • EPSS 0.13%
  • Published 07.02.2024 00:15:55
  • Last modified 21.11.2024 08:47:55

A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.

6.5

CVE-2023-6178

  • EPSS 0.1%
  • Published 20.11.2023 21:15:08
  • Last modified 21.11.2024 08:43:17

An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service cond...

6.5

CVE-2023-6062

  • EPSS 0.21%
  • Published 20.11.2023 21:15:08
  • Last modified 21.11.2024 08:43:04

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a de...