Page 11 of 55 results (0.012 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. Vulnerabilidad de XSS en Tenable Nessus en versiones anteriores a 6.9 permite a los usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarias a través de vectores relacionados con el manejo de archivos .nessus. • http://jvn.jp/en/jp/JVN12796388/index.html http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000013.html http://www.securityfocus.com/bid/95772 https://www.tenable.com/security/tns-2016-16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." La función duration en el paquete moment en versiones anteriores a 2.11.2 para Node.js permite a atacantes remotos provocar una denegación de servicio (consumo de CPU ) a través de una cadena larga, vulnerabilidad también conocida como "Denial of Service (ReDoS) de expresión regular". • http://www.openwall.com/lists/oss-security/2016/04/20/11 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/95849 https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E https:/ • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Tenable Nessus en versiones anteriores a 6.9.3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/95307 http://www.securitytracker.com/id/1037558 https://www.tenable.com/security/tns-2017-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la interfaz gráfica para Windows de Nessus Vulnerability Scanner anterior a 3.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://osvdb.org/37011 http://secunia.com/advisories/25856 http://www.nessus.org/news http://www.securityfocus.com/bid/24677 http://www.securitytracker.com/id?1018318 http://www.vupen.com/english/advisories/2007/2362 https://exchange.xforce.ibmcloud.com/vulnerabilities/35118 •

CVSS: 2.6EPSS: 5%CPEs: 9EXPL: 0

Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory. • http://securityreason.com/securityalert/817 http://securitytracker.com/id?1015996 http://www.osvdb.org/25084 http://www.securityfocus.com/archive/1/431987/100/0/threaded http://www.securityfocus.com/archive/1/431993/100/0/threaded http://www.securityfocus.com/archive/1/431994/100/0/threaded http://www.vupen.com/english/advisories/2006/1541 https://exchange.xforce.ibmcloud.com/vulnerabilities/26034 https://usn.ubuntu.com/279-1 • CWE-399: Resource Management Errors •