Filtered by vendor Tenable
Subscribe
Total
155 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2697 | 1 Tenable | 1 Security Center | 2026-02-26 | N/A | 6.3 MEDIUM |
|
An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.
|
|||||
| CVE-2026-2698 | 1 Tenable | 1 Security Center | 2026-02-26 | N/A | 6.5 MEDIUM |
|
An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
|
|||||
| CVE-2026-2026 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2026-02-24 | N/A | 6.1 MEDIUM |
|
A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.
|
|||||
| CVE-2020-11023 | 7 Debian, Drupal, Fedoraproject and 4 more | 60 Debian Linux, Drupal, Fedora and 57 more | 2025-11-07 | 4.3 MEDIUM | 6.9 MEDIUM |
|
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
|
|||||
| CVE-2021-41184 | 6 Drupal, Fedoraproject, Jqueryui and 3 more | 35 Drupal, Fedora, Jquery Ui and 32 more | 2025-11-04 | 4.3 MEDIUM | 6.5 MEDIUM |
|
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
|
|||||
| CVE-2022-24785 | 5 Debian, Fedoraproject, Momentjs and 2 more | 5 Debian Linux, Fedora, Moment and 2 more | 2025-11-03 | 5.0 MEDIUM | 7.5 HIGH |
|
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
|
|||||
| CVE-2021-23358 | 4 Debian, Fedoraproject, Tenable and 1 more | 4 Debian Linux, Fedora, Tenable.sc and 1 more | 2025-11-03 | 6.5 MEDIUM | 3.3 LOW |
|
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
|
|||||
| CVE-2019-11043 | 6 Canonical, Debian, Fedoraproject and 3 more | 23 Ubuntu Linux, Debian Linux, Fedora and 20 more | 2025-11-03 | 7.5 HIGH | 8.7 HIGH |
|
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
|
|||||
| CVE-2021-40438 | 11 Apache, Broadcom, Debian and 8 more | 40 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 37 more | 2025-10-27 | 6.8 MEDIUM | 9.0 CRITICAL |
|
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
|
|||||
| CVE-2025-36633 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2025-10-23 | N/A | 8.8 HIGH |
|
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation.
|
|||||
| CVE-2025-36631 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2025-10-23 | N/A | 8.4 HIGH |
|
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
|
|||||
| CVE-2025-24916 | 2 Microsoft, Tenable | 2 Windows, Nessus Network Monitor | 2025-10-23 | N/A | 7.0 HIGH |
|
When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
|
|||||
| CVE-2025-24917 | 2 Microsoft, Tenable | 2 Windows, Nessus Network Monitor | 2025-10-23 | N/A | 7.8 HIGH |
|
In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation.
|
|||||
| CVE-2024-3232 | 1 Tenable | 1 Identity Exposure | 2025-10-22 | N/A | 7.6 HIGH |
|
A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232
|
|||||
| CVE-2025-36632 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2025-10-21 | N/A | 7.8 HIGH |
|
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.
|
|||||
| CVE-2025-36630 | 2 Microsoft, Tenable | 2 Windows, Nessus | 2025-10-15 | N/A | 8.4 HIGH |
|
In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
|
|||||
| CVE-2018-20843 | 7 Canonical, Debian, Fedoraproject and 4 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2025-05-30 | 7.8 HIGH | 7.5 HIGH |
|
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
|
|||||
| CVE-2022-28291 | 1 Tenable | 1 Nessus | 2025-05-13 | N/A | 6.5 MEDIUM |
|
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets.
|
|||||
| CVE-2022-33757 | 1 Tenable | 1 Nessus | 2025-05-07 | N/A | 6.5 MEDIUM |
|
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.
|
|||||
| CVE-2022-23990 | 6 Debian, Fedoraproject, Libexpat Project and 3 more | 6 Debian Linux, Fedora, Libexpat and 3 more | 2025-05-05 | 5.0 MEDIUM | 7.5 HIGH |
|
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
|
|||||
| CVE-2022-23852 | 6 Debian, Libexpat Project, Netapp and 3 more | 7 Debian Linux, Libexpat, Clustered Data Ontap and 4 more | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
|
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
|
|||||
| CVE-2022-22827 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2025-05-05 | 6.8 MEDIUM | 8.8 HIGH |
|
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
|
|||||
| CVE-2022-22826 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2025-05-05 | 6.8 MEDIUM | 8.8 HIGH |
|
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
|
|||||
| CVE-2022-22825 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2025-05-05 | 6.8 MEDIUM | 8.8 HIGH |
|
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
|
|||||
| CVE-2022-22824 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
|
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
|
|||||
| CVE-2022-22823 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
|
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
|
|||||
| CVE-2022-22822 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
|
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
|
|||||
| CVE-2021-46143 | 4 Libexpat Project, Netapp, Siemens and 1 more | 8 Libexpat, Active Iq Unified Manager, Clustered Data Ontap and 5 more | 2025-05-05 | 6.8 MEDIUM | 8.1 HIGH |
|
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
|
|||||
| CVE-2021-45960 | 5 Debian, Libexpat Project, Netapp and 2 more | 8 Debian Linux, Libexpat, Active Iq Unified Manager and 5 more | 2025-05-05 | 9.0 HIGH | 8.8 HIGH |
|
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
|
|||||
| CVE-2022-3499 | 1 Tenable | 1 Nessus | 2025-05-05 | N/A | 6.5 MEDIUM |
|
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.
|
|||||
| CVE-2021-33193 | 5 Apache, Debian, Fedoraproject and 2 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2025-05-01 | 5.0 MEDIUM | 7.5 HIGH |
|
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
|
|||||
| CVE-2021-44790 | 7 Apache, Apple, Debian and 4 more | 14 Http Server, Mac Os X, Macos and 11 more | 2025-05-01 | 7.5 HIGH | 9.8 CRITICAL |
|
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
|
|||||
| CVE-2016-9260 | 1 Tenable | 1 Nessus | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.
|
|||||
| CVE-2017-8050 | 1 Tenable | 1 Appliance | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.
|
|||||
| CVE-2016-4055 | 3 Momentjs, Oracle, Tenable | 3 Moment, Primavera Unifier, Nessus | 2025-04-20 | 7.8 HIGH | 6.5 MEDIUM |
|
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
|
|||||
| CVE-2017-11506 | 1 Tenable | 1 Nessus | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
|
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.
|
|||||
| CVE-2017-2122 | 1 Tenable | 1 Nessus | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2017-7849 | 1 Tenable | 1 Nessus | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.
|
|||||
| CVE-2017-11508 | 1 Tenable | 1 Securitycenter | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access.
|
|||||
| CVE-2017-7850 | 1 Tenable | 1 Nessus | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.
|
|||||