ReportizFlow
Filtered by vendor Tenable
Subscriptions
Total
145 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24785 | 6 Debian, Fedoraproject, Momentjs and 3 more | 15 Debian Linux, Fedora, Moment and 12 more | 2025-04-23 | 7.5 High |
| Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js. | ||||
| CVE-2022-24828 | 3 Fedoraproject, Getcomposer, Tenable | 3 Fedora, Composer, Tenable.sc | 2025-04-23 | 8.3 High |
| Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report. | ||||
| CVE-2017-2122 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-7849 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. | ||||
| CVE-2017-11506 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks. | ||||
| CVE-2017-11508 | 1 Tenable | 1 Securitycenter | 2025-04-20 | N/A |
| SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access. | ||||
| CVE-2017-7850 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. | ||||
| CVE-2017-8050 | 1 Tenable | 1 Appliance | 2025-04-20 | N/A |
| Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password. | ||||
| CVE-2017-6543 | 2 Microsoft, Tenable | 3 Windows, Appliance, Nessus | 2025-04-20 | N/A |
| Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows. | ||||
| CVE-2016-9259 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-8051 | 1 Tenable | 1 Appliance | 2025-04-20 | N/A |
| Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands. | ||||
| CVE-2016-9261 | 1 Tenable | 1 Log Correlation Engine | 2025-04-20 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-9260 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. | ||||
| CVE-2017-7199 | 1 Tenable | 1 Nessus | 2025-04-20 | N/A |
| Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue. | ||||
| CVE-2016-4055 | 3 Momentjs, Oracle, Tenable | 3 Moment, Primavera Unifier, Nessus | 2025-04-20 | 6.5 Medium |
| The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." | ||||
| CVE-2014-2848 | 1 Tenable | 2 Nessus, Plugin-set | 2025-04-12 | N/A |
| A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program. | ||||
| CVE-2014-7280 | 1 Tenable | 1 Web Ui | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header. | ||||
| CVE-2014-4980 | 1 Tenable | 2 Nessus, Web Ui | 2025-04-12 | N/A |
| The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter. | ||||
| CVE-2017-5179 | 1 Tenable | 1 Nessus | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-4448 | 9 Apple, Hp, Mcafee and 6 more | 22 Icloud, Iphone Os, Itunes and 19 more | 2025-04-12 | 9.8 Critical |
| Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | ||||