The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Tenable Nessus

computer threat note CVE-2018-11214

libjpeg: denial of service via get_text_rgb_row

Synthesis of the vulnerability

An attacker can generate a fatal error via get_text_rgb_row() of libjpeg, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 14/06/2018.
Identifiers: CERTFR-2018-AVI-288, CVE-2018-11214, DLA-1638-1, RHSA-2019:2052-01, TNS-2018-08, USN-3706-1, USN-3706-2, VIGILANCE-VUL-26428.


threat bulletin CVE-2017-11742

expat: privilege escalation via DLL Hijacking WriteRandomBytes_RtlGenRandom

Synthesis of the vulnerability

An attacker can bypass restrictions via DLL Hijacking WriteRandomBytes_RtlGenRandom() of expat, in order to escalate their privileges.
Severity: 2/4.
Creation date: 14/06/2018.
Identifiers: CERTFR-2018-AVI-288, CVE-2017-11742, TNS-2018-08, VIGILANCE-VUL-26427.


weakness CVE-2018-0732

OpenSSL: denial of service via Large DH Parameter

Synthesis of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 12/06/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0732, DLA-1449-1, DSA-4348-1, DSA-4355-1, FEDORA-2019-00c25b9379, ibm10719319, ibm10729805, ibm10738401, ibm10743283, ibm10874728, JSA10919, K21665601, openSUSE-SU-2018:1906-1, openSUSE-SU-2018:2117-1, openSUSE-SU-2018:2129-1, openSUSE-SU-2018:2667-1, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2816-1, openSUSE-SU-2018:2855-1, openSUSE-SU-2018:3013-1, openSUSE-SU-2018:3015-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:1887-1, SUSE-SU-2018:1968-1, SUSE-SU-2018:2036-1, SUSE-SU-2018:2041-1, SUSE-SU-2018:2207-1, SUSE-SU-2018:2647-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2812-1, SUSE-SU-2018:2956-1, SUSE-SU-2018:2965-1, SUSE-SU-2019:1553-1, SYMSA1462, TNS-2018-14, TNS-2018-17, TSB17568, USN-3692-1, USN-3692-2, VIGILANCE-VUL-26375.


threat note CVE-2018-1148

Tenable Nessus: privilege escalation via Session Fixation

Synthesis of the vulnerability

An attacker can bypass restrictions via Session Fixation of Tenable Nessus, in order to escalate their privileges.
Severity: 2/4.
Creation date: 16/05/2018.
Identifiers: CERTFR-2018-AVI-237, CVE-2018-1148, TNS-2018-05, VIGILANCE-VUL-26148.


computer vulnerability CVE-2018-1147

Tenable Nessus: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Tenable Nessus, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 16/05/2018.
Identifiers: CERTFR-2018-AVI-237, CVE-2018-1147, JVN#96954395, TNS-2018-05, VIGILANCE-VUL-26147.

Description of the vulnerability

The Tenable Nessus product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Tenable Nessus, in order to run JavaScript code in the context of the web site.

threat note CVE-2018-0737

OpenSSL: information disclosure via RSA Constant Time Key Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via RSA Constant Time Key Generation of OpenSSL, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 17/04/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0737, DLA-1449-1, DSA-4348-1, DSA-4355-1, FEDORA-2019-00c25b9379, ibm10729805, ibm10743283, ibm10880781, JSA10919, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2957-1, openSUSE-SU-2018:3015-1, openSUSE-SU-2019:0152-1, openSUSE-SU-2019:1432-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:2486-1, SUSE-SU-2018:2492-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2928-1, SUSE-SU-2018:2965-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2019:0197-1, SUSE-SU-2019:0512-1, SUSE-SU-2019:1553-1, TNS-2018-14, TNS-2018-17, TSB17568, USN-3628-1, USN-3628-2, USN-3692-1, USN-3692-2, VIGILANCE-VUL-25884.


weakness bulletin CVE-2017-18258

libxml2: denial of service via xz_head

Synthesis of the vulnerability

An attacker can generate a fatal error via xz_head() of libxml2, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 09/04/2018.
Identifiers: bulletinapr2019, CERTFR-2018-AVI-288, CVE-2017-18258, DLA-1524-1, JSA10916, openSUSE-SU-2018:3107-1, SUSE-SU-2018:3081-1, TNS-2018-08, USN-3739-1, USN-3739-2, VIGILANCE-VUL-25798.


weakness alert CVE-2018-9251

libxml2: infinite loop via xz_decomp

Synthesis of the vulnerability

An attacker can generate an infinite loop via xz_decomp() of libxml2, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 04/04/2018.
Identifiers: 794914, CERTFR-2018-AVI-288, CVE-2018-9251, DLA-1524-1, JSA10916, openSUSE-SU-2018:3107-1, openSUSE-SU-2018:3110-1, SUSE-SU-2018:3080-1, SUSE-SU-2018:3081-1, TNS-2018-08, VIGILANCE-VUL-25771.


computer vulnerability announce CVE-2018-1141

Tenable Nessus: privilege escalation via Installation Directory

Synthesis of the vulnerability

An attacker can bypass restrictions via Installation Directory of Tenable Nessus, in order to escalate their privileges.
Severity: 2/4.
Creation date: 20/03/2018.
Identifiers: CERTFR-2018-AVI-139, CVE-2018-1141, TNS-2018-01, VIGILANCE-VUL-25601.


computer weakness bulletin CVE-2017-18214

Node.js moment: denial of service via Regular Expression

Synthesis of the vulnerability

An attacker can generate a fatal error via Regular Expression of Node.js moment, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 28/11/2017.
Identifiers: CERTFR-2019-AVI-132, CVE-2017-18214, TNS-2019-02, VIGILANCE-VUL-24557.
