Vulnerabilities > Tenable

DATE CVE VULNERABILITY TITLE RISK
2021-03-19 CVE-2021-20077 Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus Agent
Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
local
low complexity
tenable CWE-732
7.2
2021-03-10 CVE-2021-21371 Deserialization of Untrusted Data vulnerability in Tenable Jira Cloud
Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state.
local
low complexity
tenable CWE-502
4.6
2021-03-03 CVE-2021-20076 Deserialization of Untrusted Data vulnerability in Tenable Tenable.Sc 5.14.0/5.14.1/5.17.0
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.
network
low complexity
tenable CWE-502
6.5
2021-02-16 CVE-2021-23841 The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. 4.3
2021-02-16 CVE-2021-23840 Integer Overflow or Wraparound vulnerability in multiple products
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform.
network
low complexity
openssl debian tenable oracle mcafee fujitsu CWE-190
5.0
2021-02-06 CVE-2020-5812 Improper Certificate Validation vulnerability in Tenable Nessus Amazon Machine Image
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
network
tenable CWE-295
4.3
2020-12-21 CVE-2020-5808 Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Tenable.Sc 5.14.0/5.14.1
In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.
network
low complexity
tenable CWE-732
5.0
2020-12-08 CVE-2020-1971 NULL Pointer Dereference vulnerability in multiple products
The X.509 GeneralName type is a generic type for representing different types of names.
4.3
2020-11-06 CVE-2020-5794 Unspecified vulnerability in Tenable Nessus Network Monitor 5.11.0/5.11.1/5.12.0
A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory.
local
low complexity
tenable
4.6
2020-11-05 CVE-2020-5793 Unspecified vulnerability in Tenable Nessus and Nessus Agent
A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory.
local
low complexity
tenable
7.2