Vulnerabilities > Tenable

DATE CVE VULNERABILITY TITLE RISK
2021-02-16 CVE-2021-23840 Integer Overflow or Wraparound vulnerability in multiple products
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform.
7.5
2021-02-06 CVE-2020-5812 Improper Certificate Validation vulnerability in Tenable Nessus Amazon Machine Image 8.12.0
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
network
high complexity
tenable CWE-295
5.9
2020-12-21 CVE-2020-5808 Unspecified vulnerability in Tenable Tenable.Sc
In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.
network
low complexity
tenable
7.5
2020-12-08 CVE-2020-1971 NULL Pointer Dereference vulnerability in multiple products
The X.509 GeneralName type is a generic type for representing different types of names.
5.9
2020-11-06 CVE-2020-5794 Unspecified vulnerability in Tenable Nessus Network Monitor 5.11.0/5.11.1/5.12.0
A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory.
local
low complexity
tenable
7.8
2020-11-05 CVE-2020-5793 Unspecified vulnerability in Tenable Nessus and Nessus Agent
A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory.
local
low complexity
tenable
7.8
2020-10-02 CVE-2020-7070 Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded.
5.3
2020-10-02 CVE-2020-7069 Inadequate Encryption Strength vulnerability in multiple products
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used.
6.5
2020-09-09 CVE-2020-7068 Use After Free vulnerability in multiple products
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
local
high complexity
php debian tenable CWE-416
3.6
2020-08-21 CVE-2020-5774 Insufficient Session Expiration vulnerability in Tenable Nessus
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios.
local
low complexity
tenable CWE-613
7.1