Vulnerabilities > Tenable
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-09 | CVE-2019-11041 | Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. | 7.1 |
| 2019-07-01 | CVE-2019-3962 | Cross-site Scripting vulnerability in Tenable Nessus Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. | 3.3 |
| 2019-06-25 | CVE-2019-3961 | Cross-site Scripting vulnerability in Tenable Nessus Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. | 6.1 |
| 2019-06-24 | CVE-2018-20843 | XXE vulnerability in multiple products In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). network low complexity libexpat-project canonical debian fedoraproject opensuse oracle tenable CWE-611 | 7.5 |
| 2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |
| 2019-02-20 | CVE-2019-8331 | Cross-site Scripting vulnerability in multiple products In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. | 6.1 |
| 2019-02-12 | CVE-2019-3923 | Cross-site Scripting vulnerability in Tenable Nessus Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. | 5.4 |
| 2018-11-15 | CVE-2018-5407 | Information Exposure Through Discrepancy vulnerability in multiple products Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | 4.7 |
| 2018-08-02 | CVE-2018-1155 | Cross-site Scripting vulnerability in Tenable Securitycenter In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. | 5.4 |
| 2018-08-02 | CVE-2018-1154 | Unspecified vulnerability in Tenable Securitycenter In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. low complexity tenable | 8.8 |