U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:tenable:nessus_agent:8.0.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 5 matching records.
Displaying matches 1 through 5.
Vuln ID Summary CVSS Severity
CVE-2021-20118

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.

Published: September 09, 2021; 8:15:08 AM -0400
V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2021-20117

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118.

Published: September 09, 2021; 8:15:07 AM -0400
V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2021-20077

Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.

Published: March 19, 2021; 3:15:13 PM -0400
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2020-5793

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.

Published: November 05, 2020; 3:15:17 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2019-16168

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

Published: September 09, 2019; 1:15:13 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM