Vulnerabilities > Tenable
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-15 | CVE-2018-5407 | Information Exposure Through Discrepancy vulnerability in multiple products Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | 4.7 |
| 2018-08-02 | CVE-2018-1155 | Cross-site Scripting vulnerability in Tenable Securitycenter In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. | 3.5 |
| 2018-08-02 | CVE-2018-1154 | Unspecified vulnerability in Tenable Securitycenter In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. low complexity tenable | 3.3 |
| 2018-05-18 | CVE-2018-1148 | Session Fixation vulnerability in Tenable Nessus In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. | 4.0 |
| 2018-05-18 | CVE-2018-1147 | Cross-site Scripting vulnerability in Tenable Nessus In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. | 3.5 |
| 2018-03-28 | CVE-2018-1142 | Cross-site Scripting vulnerability in Tenable Appliance Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. | 3.5 |
| 2018-03-20 | CVE-2018-1141 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. | 4.4 |
| 2018-03-04 | CVE-2017-18214 | Resource Exhaustion vulnerability in multiple products The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | 5.0 |
| 2017-11-02 | CVE-2017-11508 | SQL Injection vulnerability in Tenable Securitycenter 5.5.0/5.5.1/5.5.2 SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. | 6.5 |
| 2017-08-09 | CVE-2017-11506 | Improper Certificate Validation vulnerability in Tenable Nessus When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. | 5.8 |