U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:tenable:nessus:5.2.6:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 27 matching records.
Displaying matches 21 through 27.
Vuln ID Summary CVSS Severity
CVE-2018-1141

When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.

Published: March 20, 2018; 2:29:00 PM -0400
V3.0: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2017-18214

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.

Published: March 04, 2018; 4:29:00 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-6543

Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows.

Published: March 08, 2017; 6:59:00 PM -0500
V3.0: 7.3 HIGH
V2.0: 6.0 MEDIUM
CVE-2016-9260

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.

Published: January 31, 2017; 5:59:00 PM -0500
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2016-4055

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

Published: January 23, 2017; 4:59:01 PM -0500
V3.0: 6.5 MEDIUM
V2.0: 7.8 HIGH
CVE-2017-5179

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published: January 05, 2017; 5:59:00 PM -0500
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2014-4980

The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.

Published: July 23, 2014; 10:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM