Vulnerabilities > Tenable

DATE CVE VULNERABILITY TITLE RISK
2020-07-15 CVE-2020-5765 Cross-site Scripting vulnerability in Tenable Nessus
Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration.
network
low complexity
tenable CWE-79
5.4
2020-04-29 CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. 6.1
2020-04-29 CVE-2020-11023 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. 6.1
2020-04-27 CVE-2020-7067 Out-of-bounds Read vulnerability in multiple products
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
network
low complexity
php tenable oracle debian CWE-125
7.5
2020-04-21 CVE-2020-1967 NULL Pointer Dereference vulnerability in multiple products
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension.
7.5
2020-04-17 CVE-2020-5737 Cross-site Scripting vulnerability in Tenable Tenable.Sc 5.14.0/5.14.1
Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session.
network
low complexity
tenable CWE-79
5.4
2020-04-09 CVE-2020-11656 Use After Free vulnerability in multiple products
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
network
low complexity
sqlite netapp oracle siemens tenable CWE-416
critical
9.8
2020-04-09 CVE-2020-11655 Improper Initialization vulnerability in multiple products
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
7.5
2020-04-01 CVE-2020-7066 In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it.
network
low complexity
php tenable opensuse debian
4.3
2020-04-01 CVE-2020-7065 Out-of-bounds Write vulnerability in multiple products
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer.
network
low complexity
php debian canonical tenable CWE-787
8.8