Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1141 | 1 Tenable | 1 Nessus | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
| When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location. | |||||
| CVE-2018-1147 | 1 Tenable | 1 Nessus | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, XSS could also occur by altering variables from the Advanced Settings. | |||||
| CVE-2017-18214 | 2 Momentjs, Tenable | 2 Moment, Nessus | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | |||||
| CVE-2018-1148 | 1 Tenable | 1 Nessus | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change. | |||||