Filtered by vendor Tenable
Subscriptions
Filtered by product Nessus
Subscriptions
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0524 | 1 Tenable | 3 Nessus, Tenable.io, Tenable.sc | 2024-08-02 | 8.8 High |
| As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055. | ||||
| CVE-2023-0101 | 1 Tenable | 1 Nessus | 2024-08-02 | 8.8 High |
| A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host. | ||||
| CVE-2024-0971 | 1 Tenable | 1 Nessus | 2024-08-01 | 6.5 Medium |
| A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content. | ||||
| CVE-2024-0955 | 1 Tenable | 1 Nessus | 2024-08-01 | 4.8 Medium |
| A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts. | ||||