Tenable: >> Nessus Agent >> 7.4.0 Security Vulnerabilities
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.
CVSS Score
6.7
EPSS Score
0.001
Published
2023-11-01
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.
CVSS Score
6.7
EPSS Score
0.0
Published
2021-09-09
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118.
CVSS Score
6.7
EPSS Score
0.0
Published
2021-09-09
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.
CVSS Score
6.7
EPSS Score
0.001
Published
2021-03-19
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
CVSS Score
6.5
EPSS Score
0.008
Published
2019-09-09