Tenable Nessus_agent
11 CVEs affecting Tenable Nessus_agent. Latest disclosed: 2026-02-13. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-36633 | High | 8.8 | 2025-06-13 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTE… |
CVE-2025-36631 | High | 8.4 | 2025-06-13 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log… |
CVE-2025-36632 | High | 7.8 | 2025-06-16 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege. |
CVE-2020-5793 | High | 7.8 | 2020-11-05 | A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to c… |
CVE-2021-3450 | High | 7.4 | 2021-03-25 | The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from… |
CVE-2023-5847 | Medium | 6.7 | 2023-11-01 | Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and L… |
CVE-2021-20118 | Medium | 6.7 | 2021-09-09 | Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run s… |
CVE-2021-20117 | Medium | 6.7 | 2021-09-09 | Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run s… |
CVE-2021-20077 | Medium | 6.7 | 2021-03-19 | Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessu… |
CVE-2019-16168 | Medium | 6.5 | 2019-09-09 | In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field… |
CVE-2026-2026 | Medium | 6.1 | 2026-02-13 | A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially per… |