As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-18
Updated
2024-03-18
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.
Max CVSS
5.9
EPSS Score
0.04%
Published
2024-02-14
Updated
2024-02-15
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.
Max CVSS
7.2
EPSS Score
0.04%
Published
2024-02-14
Updated
2024-02-15
A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-02-07
Updated
2024-03-04
A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.
Max CVSS
4.8
EPSS Score
0.05%
Published
2024-02-07
Updated
2024-02-14
A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.
Max CVSS
6.5
EPSS Score
0.08%
Published
2023-01-26
Updated
2023-02-06
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.
Max CVSS
5.4
EPSS Score
0.06%
Published
2023-01-26
Updated
2023-02-02
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host.
Max CVSS
5.7
EPSS Score
0.06%
Published
2023-01-26
Updated
2023-02-02
An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.
Max CVSS
6.8
EPSS Score
0.05%
Published
2023-11-20
Updated
2023-11-29
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.
Max CVSS
6.8
EPSS Score
0.06%
Published
2023-11-20
Updated
2023-11-29
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.
Max CVSS
7.3
EPSS Score
0.08%
Published
2023-11-01
Updated
2023-11-14
Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection.
Max CVSS
7.2
EPSS Score
0.05%
Published
2023-10-26
Updated
2023-11-06
An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.
Max CVSS
4.3
EPSS Score
0.06%
Published
2023-08-29
Updated
2023-09-01
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.
Max CVSS
6.8
EPSS Score
0.07%
Published
2023-08-29
Updated
2023-09-01
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0.
Max CVSS
4.9
EPSS Score
0.07%
Published
2023-08-29
Updated
2023-09-01
Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-06-26
Updated
2023-07-05
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055.
Max CVSS
8.8
EPSS Score
0.09%
Published
2023-02-01
Updated
2023-02-07
A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-01-26
Updated
2023-02-06
A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host.
Max CVSS
8.8
EPSS Score
0.09%
Published
2023-01-20
Updated
2023-01-28
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.
Max CVSS
6.5
EPSS Score
0.06%
Published
2022-10-25
Updated
2022-10-28
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
Max CVSS
6.5
EPSS Score
0.07%
Published
2022-06-21
Updated
2022-06-28
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
Max CVSS
9.0
EPSS Score
0.10%
Published
2022-06-21
Updated
2022-06-28
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets.
Max CVSS
6.5
EPSS Score
0.07%
Published
2022-10-17
Updated
2022-10-19
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report.
Max CVSS
8.8
EPSS Score
0.25%
Published
2022-04-13
Updated
2023-06-23
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
Max CVSS
7.5
EPSS Score
0.33%
Published
2022-04-04
Updated
2023-02-16
138 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!