Tenable Nessus
29 CVEs affecting Tenable Nessus. Latest disclosed: 2025-07-01. Critical: 0, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-36630 | High | 8.4 | 2025-07-01 | In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log… |
| CVE-2024-3290 | High | 8.2 | 2024-05-17 | A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time… |
| CVE-2025-24914 | High | 7.8 | 2025-04-18 | When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. Thi… |
| CVE-2024-3289 | High | 7.8 | 2024-05-17 | When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for… |
| CVE-2024-2390 | High | 7.8 | 2024-03-18 | As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a mali… |
| CVE-2017-7850 | High | 7.8 | 2017-04-19 | Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. |
| CVE-2017-7199 | High | 7.8 | 2017-03-23 | Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Ag… |
| CVE-2022-0778 | High | 7.5 | 2022-03-15 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this functi… |
| CVE-2017-11506 | High | 7.4 | 2017-08-09 | When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the ini… |
| CVE-2017-6543 | High | 7.3 | 2017-03-08 | Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to… |
| CVE-2023-6062 | Medium | 6.8 | 2023-11-20 | An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessu… |
| CVE-2023-3252 | Medium | 6.8 | 2023-08-29 | An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite… |
| CVE-2023-5847 | Medium | 6.7 | 2023-11-01 | Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and L… |
| CVE-2024-0971 | Medium | 6.5 | 2024-02-06 | A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content. |
| CVE-2016-4055 | Medium | 6.5 | 2017-01-23 | The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string… |
| CVE-2023-2005 | Medium | 6.3 | 2023-06-26 | Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center. This issue affects Tenable.Io: before Plugin Feed ID #202306261202; Nessus: befor… |
| CVE-2017-7849 | Medium | 5.5 | 2017-04-19 | Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. |
| CVE-2017-2122 | Medium | 5.4 | 2017-05-12 | Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script… |
| CVE-2016-9259 | Medium | 5.4 | 2017-02-28 | Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecifie… |
| CVE-2016-9260 | Medium | 5.4 | 2017-01-31 | Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors rela… |