Vulnerabilities (CVE)

Filtered by vendor Tenable Subscribe
Total 145 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-8050 1 Tenable 1 Appliance 2025-04-20 5.0 MEDIUM 7.5 HIGH
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.
CVE-2016-9260 1 Tenable 1 Nessus 2025-04-20 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.
CVE-2016-9259 1 Tenable 1 Nessus 2025-04-20 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-7850 1 Tenable 1 Nessus 2025-04-20 7.2 HIGH 7.8 HIGH
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.
CVE-2017-7199 1 Tenable 1 Nessus 2025-04-20 7.2 HIGH 7.8 HIGH
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.
CVE-2017-6543 2 Microsoft, Tenable 3 Windows, Appliance, Nessus 2025-04-20 6.0 MEDIUM 7.3 HIGH
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows.
CVE-2017-7849 1 Tenable 1 Nessus 2025-04-20 2.1 LOW 5.5 MEDIUM
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.
CVE-2017-11508 1 Tenable 1 Securitycenter 2025-04-20 6.5 MEDIUM 8.8 HIGH
SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access.
CVE-2016-4055 3 Momentjs, Oracle, Tenable 3 Moment, Primavera Unifier, Nessus 2025-04-20 7.8 HIGH 6.5 MEDIUM
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
CVE-2017-11506 1 Tenable 1 Nessus 2025-04-20 5.8 MEDIUM 7.4 HIGH
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.
CVE-2017-5179 1 Tenable 1 Nessus 2025-04-12 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7280 1 Tenable 1 Web Ui 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.
CVE-2014-4980 1 Tenable 2 Nessus, Web Ui 2025-04-12 5.0 MEDIUM N/A
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.
CVE-2016-4448 9 Apple, Hp, Mcafee and 6 more 21 Icloud, Iphone Os, Itunes and 18 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2014-2848 1 Tenable 2 Nessus, Plugin-set 2025-04-12 6.9 MEDIUM N/A
A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program.
CVE-2013-5911 1 Tenable 1 Securitycenter 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2020-11023 7 Debian, Drupal, Fedoraproject and 4 more 60 Debian Linux, Drupal, Fedora and 57 more 2025-04-04 4.3 MEDIUM 6.9 MEDIUM
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2023-0101 1 Tenable 1 Nessus 2025-04-02 N/A 8.8 HIGH
A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host.
CVE-2023-24494 1 Tenable 1 Tenable.sc 2025-04-01 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.
CVE-2023-24493 1 Tenable 1 Tenable.sc 2025-04-01 N/A 5.7 MEDIUM
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host.