Vulnerabilities > Tenable
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-19 | CVE-2021-20077 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus Agent Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. | 7.2 |
| 2021-03-10 | CVE-2021-21371 | Deserialization of Untrusted Data vulnerability in Tenable Jira Cloud Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. | 4.6 |
| 2021-03-03 | CVE-2021-20076 | Deserialization of Untrusted Data vulnerability in Tenable Tenable.Sc 5.14.0/5.14.1/5.17.0 Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization. | 6.5 |
| 2021-02-16 | CVE-2021-23841 | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. | 4.3 |
| 2021-02-16 | CVE-2021-23840 | Integer Overflow or Wraparound vulnerability in multiple products Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. | 5.0 |
| 2021-02-06 | CVE-2020-5812 | Improper Certificate Validation vulnerability in Tenable Nessus Amazon Machine Image Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | 4.3 |
| 2020-12-21 | CVE-2020-5808 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Tenable.Sc 5.14.0/5.14.1 In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration. | 5.0 |
| 2020-12-08 | CVE-2020-1971 | NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. | 4.3 |
| 2020-11-06 | CVE-2020-5794 | Unspecified vulnerability in Tenable Nessus Network Monitor 5.11.0/5.11.1/5.12.0 A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. | 4.6 |
| 2020-11-05 | CVE-2020-5793 | Unspecified vulnerability in Tenable Nessus and Nessus Agent A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. | 7.2 |