Tenable Nessus
78 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-36630
< 10.8.5
In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrar
8.4
HIGH
CVE-2024-0971
< 10.7.0
A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB conten
6.5
MEDIUM
CVE-2024-0955
< 10.7.0
A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application
4.8
MEDIUM
CVE-2023-6178
< 10.4.4
An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alt
6.8
MEDIUM
CVE-2023-6062
< 10.5.7
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus a
6.8
MEDIUM
CVE-2023-5847
< 10.6.2
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate
6.7
MEDIUM
CVE-2023-3253
< 10.6.0
An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all th
4.3
MEDIUM
CVE-2023-3252
< 10.6.0
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter log
6.8
MEDIUM
CVE-2023-3251
< 10.6.0
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP c
4.1
MEDIUM
CVE-2023-2005
all versions
Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center. This issue affects Tenable.Io: before Plugin Feed ID
6.3
MEDIUM
CVE-2022-4313
< 10.4.2
A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan
8.8
HIGH
CVE-2023-0524
all versions
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow
8.8
HIGH
CVE-2023-0101
>= 8.10.1 and < 8.15.8
A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authent
8.8
HIGH
CVE-2022-3499
< 10.4.0
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario wher
6.5
MEDIUM
CVE-2022-33757
< 10.2.0
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do
6.5
MEDIUM
CVE-2022-28291
all versions
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials fr
6.5
MEDIUM
CVE-2022-32974
< 10.2.0
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted co
6.5
MEDIUM
CVE-2022-32973
< 10.2.0
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrat
8.8
HIGH
CVE-2022-0778
< 8.15.4
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime m
7.5
HIGH
CVE-2022-23990
< 8.15.3
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
7.5
HIGH
CVE-2022-23852
< 8.15.3
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BY
9.8
CRITICAL
CVE-2022-22827
< 8.15.3
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
8.8
HIGH
CVE-2022-22826
< 8.15.3
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
8.8
HIGH
CVE-2022-22825
< 8.15.3
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
8.8
HIGH
CVE-2022-22824
< 8.15.3
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
9.8
CRITICAL
CVE-2022-22823
< 8.15.3
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
9.8
CRITICAL
CVE-2022-22822
< 8.15.3
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
9.8
CRITICAL
CVE-2021-46143
< 8.15.3
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
8.1
HIGH
CVE-2021-45960
< 8.15.3
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to real
8.8
HIGH
CVE-2021-20135
<= 8.15.2
Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authentic
6.7
MEDIUM
CVE-2021-20106
<= 8.2.5
Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus admi
6.5
MEDIUM
CVE-2021-20079
<= 8.13.2
Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administr
6.7
MEDIUM
CVE-2021-20100
< 8.2.5
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could a
6.7
MEDIUM
CVE-2021-20099
<= 8.2.4
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could a
6.7
MEDIUM
CVE-2021-3450
<= 8.13.1
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not
7.4
HIGH
CVE-2021-3449
<= 8.13.1
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renego
5.9
MEDIUM
CVE-2020-5793
>= 8.9.0 and <= 8.12.0
A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an auth
7.8
HIGH
CVE-2020-5774
<= 8.11.0
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack
7.1
HIGH
CVE-2020-5765
<= 8.10.0
Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configu
5.4
MEDIUM
CVE-2016-1000029
< 6.8.0
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially
4.8
MEDIUM
CVE-2016-1000028
< 6.8.0
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potenti
4.8
MEDIUM
CVE-2019-3982
<= 8.6.0
Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific i
6.5
MEDIUM
CVE-2019-3974
<= 8.5.2
Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbit
8.1
HIGH
CVE-2019-3962
< 8.5.0
Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulner
3.3
LOW
CVE-2019-3961
<= 8.4.0
Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied
6.1
MEDIUM
CVE-2018-20843
< 8.15.0
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser c
7.5
HIGH
CVE-2019-1559
<= 8.2.3
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to
5.9
MEDIUM
CVE-2019-3923
<= 8.2.1
Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied inp
5.4
MEDIUM
CVE-2018-5407
< 8.1.1
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a sid
4.7
MEDIUM
CVE-2018-1148
< 7.1.0
In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated at
6.5
MEDIUM
CVE-2018-1147
< 7.1.0
In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create
5.4
MEDIUM
CVE-2018-1141
< 7.0.3
When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permi
7.0
HIGH
CVE-2017-18214
<= 8.2.3
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a differ
7.5
HIGH
CVE-2017-11506
all versions
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS ce
7.4
HIGH
CVE-2017-2122
all versions
Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers t
5.4
MEDIUM
CVE-2017-7850
all versions
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when runn
7.8
HIGH
CVE-2017-7849
all versions
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when run
5.5
MEDIUM
CVE-2017-7199
all versions
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when
7.8
HIGH
CVE-2017-6543
<= 6.10.1
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remot
7.3
HIGH
CVE-2016-9259
all versions
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web
5.4
MEDIUM
CVE-2016-9260
<= 6.8.1
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web sc
5.4
MEDIUM
CVE-2016-4055
<= 8.2.3
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU co
6.5
MEDIUM
CVE-2017-5179
<= 6.9.2
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web
5.4
MEDIUM
CVE-2014-4980
all versions
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain se
CVE-2014-2848
all versions
A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by
CVE-2010-2989
all versions
nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to obtain sensitive information v
CVE-2010-2914
all versions
Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote
CVE-2007-4062
all versions
The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete ar
CVE-2007-4061
all versions
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to cr
CVE-2007-4031
all versions
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to de
CVE-2007-3546
<= 3.0.5
Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers t
CVE-2006-2093
<= 2.2.7
Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a
CVE-2004-2723
all versions
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.
CVE-2004-2722
all versions
Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the
CVE-2004-1445
all versions
A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set,
CVE-2003-0374
<= 2.0.5
Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities tha
CVE-2003-0373
<= 2.0.5
Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of s
CVE-2003-0372
<= 2.0.5
Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin