Vulnerabilities > Tenable
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-29 | CVE-2021-21707 | In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. | 5.3 |
| 2021-11-03 | CVE-2021-20135 | Unspecified vulnerability in Tenable Nessus Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. | 4.6 |
| 2021-10-26 | CVE-2021-41182 | Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. | 6.1 |
| 2021-10-26 | CVE-2021-41183 | Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. | 6.1 |
| 2021-10-26 | CVE-2021-41184 | Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. | 6.1 |
| 2021-10-05 | CVE-2021-41116 | Command Injection vulnerability in multiple products Composer is an open source dependency manager for the PHP language. | 9.8 |
| 2021-09-16 | CVE-2021-34798 | NULL Pointer Dereference vulnerability in multiple products Malformed requests may cause the server to dereference a NULL pointer. | 7.5 |
| 2021-09-09 | CVE-2021-20117 | Unspecified vulnerability in Tenable Nessus Agent Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. | 7.2 |
| 2021-09-09 | CVE-2021-20118 | Unspecified vulnerability in Tenable Nessus Agent Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. | 7.2 |
| 2021-08-24 | CVE-2021-3711 | Classic Buffer Overflow vulnerability in multiple products In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). | 9.8 |