Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:tenable:nessus:6.9.1:*:*:*:*:*:*:*
There are 25 matching records.
Displaying matches 21 through 25.
Vuln ID Summary CVSS Severity

Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 12, 2017; 2:29:00 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW

Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.

Published: March 23, 2017; 12:59:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH

Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows.

Published: March 08, 2017; 6:59:00 PM -0500
V3.0: 7.3 HIGH
V2.0: 6.0 MEDIUM

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

Published: January 23, 2017; 4:59:01 PM -0500
V3.0: 6.5 MEDIUM
V2.0: 7.8 HIGH

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published: January 05, 2017; 5:59:00 PM -0500
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW