Vulnerabilities > Tenable

DATE | CVE | VULNERABILITY TITLE | RISK

2021-07-21 | CVE-2021-20106 | Improper Privilege Management vulnerability in Tenable Nessus | 8.5
    Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
    network; tenable CWE-269

2021-06-29 | CVE-2021-20079 | Improper Privilege Management vulnerability in Tenable Nessus | 7.2
    Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
    local; low complexity; tenable CWE-269

2021-06-28 | CVE-2021-20099 | Improper Privilege Management vulnerability in Tenable Nessus | 4.6
    Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host.
    local; low complexity; tenable CWE-269

2021-06-28 | CVE-2021-20100 | Improper Privilege Management vulnerability in Tenable Nessus | 4.6
    Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host.
    local; low complexity; tenable CWE-269

2021-03-25 | CVE-2021-3450 | Improper Certificate Validation vulnerability in multiple products | 5.8
    The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.

2021-03-25 | CVE-2021-3449 | Null Pointer Dereference vulnerability in multiple products | 4.3
    An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.

2021-03-19 | CVE-2021-20077 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus Agent | 2.1
    Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
    local; low complexity; tenable CWE-732

2021-03-10 | CVE-2021-21371 | Deserialization of Untrusted Data vulnerability in Tenable Jira Cloud | 4.6
    Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state.
    local; low complexity; tenable CWE-502

2021-03-03 | CVE-2021-20076 | Deserialization of Untrusted Data vulnerability in Tenable Tenable.sc 5.14.0/5.14.1/5.17.0 | 6.5
    Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.
    network; low complexity; tenable CWE-502

2021-02-16 | CVE-2021-23841 | Integer Overflow or Wraparound vulnerability in multiple products | 4.3
    The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate.