Skip to main content

Nessus Network Monitor

13 CVEs product

Monthly

CVE-2025-24917 HIGH This Month

In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Authentication Bypass Privilege Escalation Nessus Network Monitor +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24916 HIGH This Month

When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Authentication Bypass Privilege Escalation Nessus Network Monitor Windows
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2024-9158 MEDIUM This Month

A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE XSS Nessus Network Monitor
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-5624 HIGH PATCH This Week

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Nessus Network Monitor
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-5623 HIGH PATCH This Week

NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Nessus Network Monitor
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5622 HIGH PATCH This Week

Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Nessus Network Monitor
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-3711 Cargo CRITICAL PATCH Act Now

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow OpenSSL Debian Linux Active Iq Unified Manager Clustered Data Ontap +27
NVD
CVSS 3.1
9.8
EPSS
87.8%
CVE-2021-3450 Cargo HIGH PATCH This Week

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Authentication Bypass Freebsd Santricity Smi S Provider Firmware Storagegrid Firmware +29
NVD
CVSS 3.1
7.4
EPSS
18.3%
CVE-2021-3449 Cargo MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Freebsd +103
NVD
CVSS 3.1
5.9
EPSS
62.9%
CVE-2021-23841 Cargo MEDIUM PATCH This Month

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Nessus Network Monitor +20
NVD
CVSS 3.1
5.9
EPSS
7.5%
CVE-2021-23840 Cargo HIGH PATCH This Week

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

OpenSSL Integer Overflow Denial Of Service Debian Linux Log Correlation Engine +18
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-1971 MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference Debian Linux Fedora +41
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2020-5794 HIGH This Week

A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Nessus Network Monitor
NVD
CVSS 3.1
7.8
EPSS
0.4%
EPSS 0% CVSS 7.8
HIGH This Month

In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Authentication Bypass +3
NVD
EPSS 0% CVSS 7.0
HIGH This Month

When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Authentication Bypass Privilege Escalation +2
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE XSS Nessus Network Monitor
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Nessus Network Monitor
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Nessus Network Monitor
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Nessus Network Monitor
NVD
EPSS 88% CVSS 9.8
CRITICAL PATCH Act Now

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow OpenSSL Debian Linux +29
NVD
EPSS 18% CVSS 7.4
HIGH PATCH This Week

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Authentication Bypass Freebsd +31
NVD
EPSS 63% CVSS 5.9
MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service +105
NVD
EPSS 7% CVSS 5.9
MEDIUM PATCH This Month

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service +22
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

OpenSSL Integer Overflow Denial Of Service +20
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference +43
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Nessus Network Monitor
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy