Vulnerabilities > Tenable

DATE CVE VULNERABILITY TITLE RISK
2022-06-21 CVE-2022-32973 Unspecified vulnerability in Tenable Nessus
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
network
low complexity
tenable
critical
9.0
2022-06-21 CVE-2022-32974 Unspecified vulnerability in Tenable Nessus
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
network
low complexity
tenable
4.0
2022-04-13 CVE-2022-24828 Improper Input Validation vulnerability in multiple products
Composer is a dependency manager for the PHP programming language.
6.8
2022-04-04 CVE-2022-24785 Path Traversal: 'dir/../../filename' vulnerability in multiple products
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates.
network
low complexity
momentjs tenable netapp fedoraproject CWE-27
5.0
2022-03-15 CVE-2022-0778 Infinite Loop vulnerability in multiple products
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.
5.0
2022-01-26 CVE-2022-23990 Integer Overflow or Wraparound vulnerability in multiple products
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
7.5
2022-01-24 CVE-2022-23852 Integer Overflow or Wraparound vulnerability in multiple products
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
7.5
2022-01-14 CVE-2022-0130 Code Injection vulnerability in Tenable Tenable.Sc
Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances.
network
tenable CWE-94
6.8
2022-01-10 CVE-2022-22822 Integer Overflow or Wraparound vulnerability in multiple products
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable CWE-190
7.5
2022-01-10 CVE-2022-22823 Integer Overflow or Wraparound vulnerability in multiple products
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable CWE-190
7.5