CVE-2017-18214
- EPSS 3.67%
- Veröffentlicht 04.03.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:35
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
CVE-2017-11506
- EPSS 0.57%
- Veröffentlicht 09.08.2017 12:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.
CVE-2017-2122
- EPSS 0.78%
- Veröffentlicht 12.05.2017 18:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-7850
- EPSS 0.28%
- Veröffentlicht 19.04.2017 14:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.
CVE-2017-7849
- EPSS 0.25%
- Veröffentlicht 19.04.2017 14:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.
CVE-2017-7199
- EPSS 0.35%
- Veröffentlicht 23.03.2017 16:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.
CVE-2017-6543
- EPSS 0.84%
- Veröffentlicht 08.03.2017 23:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used t...
CVE-2016-9259
- EPSS 0.87%
- Veröffentlicht 28.02.2017 18:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-9260
- EPSS 1.25%
- Veröffentlicht 31.01.2017 22:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.
CVE-2016-4055
- EPSS 9.91%
- Veröffentlicht 23.01.2017 21:59:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."