Filtered by vendor Tenable
Subscribe
Total
129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-6543 | 2 Microsoft, Tenable | 3 Windows, Appliance, Nessus | 2024-02-04 | 6.0 MEDIUM | 7.3 HIGH |
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows. | |||||
CVE-2016-4055 | 3 Momentjs, Oracle, Tenable | 3 Moment, Primavera Unifier, Nessus | 2024-02-04 | 7.8 HIGH | 6.5 MEDIUM |
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." | |||||
CVE-2016-9259 | 1 Tenable | 1 Nessus | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-2122 | 1 Tenable | 1 Nessus | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-4448 | 9 Apple, Hp, Mcafee and 6 more | 21 Icloud, Iphone Os, Itunes and 18 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | |||||
CVE-2014-2848 | 1 Tenable | 2 Nessus, Plugin-set | 2024-02-04 | 6.9 MEDIUM | N/A |
A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program. | |||||
CVE-2014-4980 | 1 Tenable | 2 Nessus, Web Ui | 2024-02-04 | 5.0 MEDIUM | N/A |
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter. | |||||
CVE-2014-7280 | 1 Tenable | 1 Web Ui | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header. | |||||
CVE-2013-5911 | 1 Tenable | 1 Securitycenter | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |