Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:tenable:nessus:8.3.2:*:*:*:*:*:*:*
There are 6 matching records.
Displaying matches 1 through 6.
Vuln ID Summary CVSS Severity
CVE-2020-5774

Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session.

Published: August 21, 2020; 9:15:14 AM -0400
V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2020-5765

Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional input validation mechanisms to correct this issue in Nessus 8.11.0.

Published: July 15, 2020; 9:15:10 AM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-3982

Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive.

Published: October 23, 2019; 3:15:12 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2019-3974

Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.

Published: August 15, 2019; 3:15:11 PM -0400
V3.0: 8.1 HIGH
V2.0: 8.5 HIGH
CVE-2019-3962

Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed status, which will remain saved post session expiration.

Published: July 01, 2019; 4:15:11 PM -0400
V3.0: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2019-3961

Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a users browser session.

Published: June 25, 2019; 5:15:09 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM