CVSS: 7.4EPSS: 0%CPEs: 47EXPL: 0CVE-2017-11506
https://notcve.org/view.php?id=CVE-2017-11506
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks. Cuando se enlaza un escáner o agente Nessus a Tenable.io u otro gestor, Nessus en versiones 6.x anteriores a la 6.11 no verifica el certificado TLS del gestor cuando se realiza la conexión de salida inicial. Esto podría permitir ataques man-in-the-middle. • http://www.securitytracker.com/id/1039141 https://www.tenable.com/security/tns-2017-11 • CWE-295: Improper Certificate Validation •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2017-2122
https://notcve.org/view.php?id=CVE-2017-2122
Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Nessus, en las versiones 6.8.0, 6.8.1, 6.9.1 y 6.9.2 permite a los atacantes remotos autenticados inyectar scripts web o HTML arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN87760109/index.html https://www.tenable.com/security/tns-2017-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-7849
https://notcve.org/view.php?id=CVE-2017-7849
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. Se encontró que Nessus 6.10.x en versiones anteriores a 6.10.5 era vulnerable a una condición local de denegación de servicio debido a permisos inseguros al ejecutarse en Agent Mode. • http://www.securityfocus.com/bid/97951 https://www.tenable.com/security/tns-2017-10 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-7850
https://notcve.org/view.php?id=CVE-2017-7850
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. Se encontró que Nessus 6.10.x en versiones anteriores a 6.10.5 era vulnerable a un problema de escalada de privilegios locales debido a permisos inseguros al ejecutar en Agent Mode. • http://www.securityfocus.com/bid/97952 https://www.tenable.com/security/tns-2017-10 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-7199
https://notcve.org/view.php?id=CVE-2017-7199
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue. Nessus 6.6.2 - 6.10.3 contiene un fallo relacionado con permisos inseguros que pueden permitir a un atacante local remoto aumentar privilegios cuando el software se está ejecutando en Agent Mode. Version 6.10.4 soluciona este problema. • http://www.securityfocus.com/bid/97110 http://www.securitytracker.com/id/1038124 https://aspe1337.blogspot.nl/2017/04/writeup-of-cve-2017-7199.html https://www.tenable.com/security/tns-2017-08 • CWE-732: Incorrect Permission Assignment for Critical Resource •