Vulnerabilities > Tenable

DATE CVE VULNERABILITY TITLE RISK
2021-10-26 CVE-2021-41184 jQuery-UI is the official jQuery user interface library. 6.1
2021-10-05 CVE-2021-41116 Command Injection vulnerability in multiple products
Composer is an open source dependency manager for the PHP language.
network
low complexity
getcomposer tenable CWE-77
critical
9.8
2021-09-16 CVE-2021-34798 NULL Pointer Dereference vulnerability in multiple products
Malformed requests may cause the server to dereference a NULL pointer.
7.5
2021-09-16 CVE-2021-40438 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
9.0
2021-09-09 CVE-2021-20117 Unspecified vulnerability in Tenable Nessus Agent
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host.
local
low complexity
tenable
6.7
2021-09-09 CVE-2021-20118 Unspecified vulnerability in Tenable Nessus Agent
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host.
local
low complexity
tenable
6.7
2021-08-24 CVE-2021-3711 Classic Buffer Overflow vulnerability in multiple products
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().
network
low complexity
openssl debian netapp oracle tenable CWE-120
critical
9.8
2021-08-24 CVE-2021-3712 Out-of-bounds Read vulnerability in multiple products
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length.
7.4
2021-08-16 CVE-2021-33193 A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.
network
low complexity
apache fedoraproject tenable oracle
7.5
2021-07-21 CVE-2021-20106 Unspecified vulnerability in Tenable Nessus
Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
local
low complexity
tenable
6.5