Vulnerabilities > Tenable

DATE CVE VULNERABILITY TITLE RISK
2018-08-02 CVE-2018-1154 Unspecified vulnerability in Tenable Securitycenter
In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access.
low complexity
tenable
8.8
2018-05-18 CVE-2018-1148 Session Fixation vulnerability in Tenable Nessus
In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application.
network
low complexity
tenable CWE-384
6.5
2018-05-18 CVE-2018-1147 Cross-site Scripting vulnerability in Tenable Nessus
In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation.
network
low complexity
tenable CWE-79
5.4
2018-03-28 CVE-2018-1142 Cross-site Scripting vulnerability in Tenable Appliance
Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability.
network
low complexity
tenable CWE-79
5.4
2018-03-20 CVE-2018-1141 Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus
When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories.
local
high complexity
tenable CWE-732
7.0
2018-03-04 CVE-2017-18214 Resource Exhaustion vulnerability in multiple products
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
network
low complexity
momentjs tenable CWE-400
7.5
2017-11-02 CVE-2017-11508 SQL Injection vulnerability in Tenable Securitycenter 5.5.0/5.5.1/5.5.2
SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans.
network
low complexity
tenable CWE-89
8.8
2017-08-09 CVE-2017-11506 Improper Certificate Validation vulnerability in Tenable Nessus
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection.
network
high complexity
tenable CWE-295
7.4
2017-05-12 CVE-2017-2122 Cross-site Scripting vulnerability in Tenable Nessus
Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
tenable CWE-79
5.4
2017-04-21 CVE-2017-8051 OS Command Injection vulnerability in Tenable Appliance
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI.
network
low complexity
tenable CWE-78
critical
9.8