Vulnerabilities > Tenable
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-25 | CVE-2022-33757 | Unspecified vulnerability in Tenable Nessus An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. | 6.5 |
| 2022-10-17 | CVE-2022-28291 | Insufficiently Protected Credentials vulnerability in Tenable Nessus Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. | 6.5 |
| 2022-06-21 | CVE-2022-32973 | Unspecified vulnerability in Tenable Nessus An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. | 9.0 |
| 2022-06-21 | CVE-2022-32974 | Unspecified vulnerability in Tenable Nessus An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials. | 4.0 |
| 2022-04-13 | CVE-2022-24828 | Argument Injection or Modification vulnerability in multiple products Composer is a dependency manager for the PHP programming language. | 8.8 |
| 2022-04-04 | CVE-2022-24785 | Path Traversal: 'dir/../../filename' vulnerability in multiple products Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. | 7.5 |
| 2022-03-15 | CVE-2022-0778 | Infinite Loop vulnerability in multiple products The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. | 7.5 |
| 2022-01-26 | CVE-2022-23990 | Integer Overflow or Wraparound vulnerability in multiple products Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | 7.5 |
| 2022-01-24 | CVE-2022-23852 | Integer Overflow or Wraparound vulnerability in multiple products Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | 9.8 |
| 2022-01-14 | CVE-2022-0130 | Unspecified vulnerability in Tenable Tenable.Sc Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. | 8.1 |