Vulnerabilities in Tenable

77 results
CVE-2017-11507
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an una
EPSS 1.0%

CVE-2018-15695
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path
EPSS 1.0%

CVE-2019-3962
Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by
EPSS 1.0%

CVE-2018-15697
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full p
EPSS 0.9%

CVE-2019-3923
Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An aut
EPSS 0.9%

CVE-2023-6178 (MEDIUM)
An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus
EPSS 0.8%

CVE-2024-0971 (MEDIUM)
A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.
EPSS 0.8%

CVE-2018-1148
In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker cou
EPSS 0.8%

CVE-2018-15696
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi.
EPSS 0.7%

CVE-2018-1154
In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of
EPSS 0.7%

CVE-2018-15699
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take a
EPSS 0.6%

CVE-2023-3252 (MEDIUM)
Arbitrary File Write
EPSS 0.6%

CVE-2017-11506
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate
EPSS 0.6%

CVE-2018-1155
In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript cod
EPSS 0.6%

CVE-2024-0955 (MEDIUM)
Stored XSS vulnerability
EPSS 0.6%

CVE-2018-1142
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, a
EPSS 0.5%

CVE-2026-47356 (HIGH)
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (PO
EPSS 0.5%

CVE-2018-1153
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in t
EPSS 0.5%

CVE-2023-5624 (HIGH)
Blind SQL Injection
EPSS 0.5%

CVE-2026-47357 (CRITICAL)
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan e
EPSS 0.5%