Filtered by vendor Tenable
Subscriptions
Total
154 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-22822 | 5 Debian, Libexpat Project, Redhat and 2 more | 6 Debian Linux, Libexpat, Enterprise Linux and 3 more | 2025-05-05 | 9.8 Critical |
| addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||||
| CVE-2021-46143 | 5 Libexpat Project, Netapp, Redhat and 2 more | 10 Libexpat, Active Iq Unified Manager, Clustered Data Ontap and 7 more | 2025-05-05 | 8.1 High |
| In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. | ||||
| CVE-2021-45960 | 6 Debian, Libexpat Project, Netapp and 3 more | 10 Debian Linux, Libexpat, Active Iq Unified Manager and 7 more | 2025-05-05 | 8.8 High |
| In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). | ||||
| CVE-2022-3499 | 1 Tenable | 1 Nessus | 2025-05-05 | 6.5 Medium |
| An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present. | ||||
| CVE-2024-1367 | 1 Tenable | 1 Security Center | 2025-05-02 | 7.2 High |
| A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host. | ||||
| CVE-2021-33193 | 6 Apache, Debian, Fedoraproject and 3 more | 9 Http Server, Debian Linux, Fedora and 6 more | 2025-05-01 | 7.5 High |
| A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | ||||
| CVE-2021-44790 | 8 Apache, Apple, Debian and 5 more | 20 Http Server, Mac Os X, Macos and 17 more | 2025-05-01 | 9.8 Critical |
| A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | ||||
| CVE-2022-24785 | 6 Debian, Fedoraproject, Momentjs and 3 more | 16 Debian Linux, Fedora, Moment and 13 more | 2025-04-23 | 7.5 High |
| Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js. | ||||
| CVE-2022-24828 | 3 Fedoraproject, Getcomposer, Tenable | 3 Fedora, Composer, Tenable.sc | 2025-04-23 | 8.3 High |
| Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report. | ||||
| CVE-2017-11506 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks. | ||||
| CVE-2017-8051 | 1 Tenable | 1 Appliance | 2025-04-20 | N/A |
| Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands. | ||||
| CVE-2017-8050 | 1 Tenable | 1 Appliance | 2025-04-20 | N/A |
| Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password. | ||||
| CVE-2017-7850 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. | ||||
| CVE-2017-7849 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. | ||||
| CVE-2017-6543 | 2 Microsoft, Tenable | 3 Windows, Appliance, Nessus | 2025-04-20 | N/A |
| Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows. | ||||
| CVE-2017-2122 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-9261 | 1 Tenable | 1 Log Correlation Engine | 2025-04-20 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-9260 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. | ||||
| CVE-2017-7199 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue. | ||||
| CVE-2016-9259 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||