Vulnerabilities > Tenable

DATE CVE VULNERABILITY TITLE RISK
2021-08-24 CVE-2021-3712 Out-of-bounds Read vulnerability in multiple products
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length.
7.4
2021-08-16 CVE-2021-33193 A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.
network
low complexity
apache fedoraproject tenable oracle
7.5
2021-07-21 CVE-2021-20106 Unspecified vulnerability in Tenable Nessus
Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
network
tenable
8.5
2021-06-29 CVE-2021-20079 Unspecified vulnerability in Tenable Nessus
Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
local
low complexity
tenable
7.2
2021-06-28 CVE-2021-20099 Unspecified vulnerability in Tenable Nessus
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host.
local
low complexity
tenable
4.6
2021-06-28 CVE-2021-20100 Unspecified vulnerability in Tenable Nessus
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host.
local
low complexity
tenable
4.6
2021-03-29 CVE-2021-23358 Code Injection vulnerability in multiple products
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
7.2
2021-03-25 CVE-2021-3450 Improper Certificate Validation vulnerability in multiple products
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.
7.4
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9
2021-03-19 CVE-2021-20077 Unspecified vulnerability in Tenable Nessus Agent
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance.
local
low complexity
tenable
6.7