Tenable

Nessus

73 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.82%
  • Veröffentlicht 15.08.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:42:59

Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.

  • EPSS 0.95%
  • Veröffentlicht 01.07.2019 20:15:11
  • Zuletzt bearbeitet 21.11.2024 04:42:57

Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. S...

  • EPSS 1.48%
  • Veröffentlicht 25.06.2019 21:15:09
  • Zuletzt bearbeitet 21.11.2024 04:42:56

Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request ...

Exploit
  • EPSS 7.11%
  • Veröffentlicht 24.06.2019 17:15:09
  • Zuletzt bearbeitet 30.05.2025 20:15:20

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

  • EPSS 17.14%
  • Veröffentlicht 27.02.2019 23:29:00
  • Zuletzt bearbeitet 21.11.2024 04:36:48

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid...

  • EPSS 0.88%
  • Veröffentlicht 12.02.2019 04:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:52

Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to ex...

Exploit
  • EPSS 3.42%
  • Veröffentlicht 15.11.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:08:45

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

  • EPSS 0.77%
  • Veröffentlicht 18.05.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:17

In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change.

  • EPSS 1.15%
  • Veröffentlicht 18.05.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:17

In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code i...

  • EPSS 0.25%
  • Veröffentlicht 20.03.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:16

When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in ...