Vulnerabilities > Tenable > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-21 | CVE-2022-32973 | Unspecified vulnerability in Tenable Nessus An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. | 9.0 |
2022-01-24 | CVE-2022-23852 | Integer Overflow or Wraparound vulnerability in multiple products Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | 9.8 |
2022-01-10 | CVE-2022-22822 | Integer Overflow or Wraparound vulnerability in multiple products addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 9.8 |
2022-01-10 | CVE-2022-22823 | Integer Overflow or Wraparound vulnerability in multiple products build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 9.8 |
2022-01-10 | CVE-2022-22824 | Integer Overflow or Wraparound vulnerability in multiple products defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 9.8 |
2021-12-20 | CVE-2021-44790 | Out-of-bounds Write vulnerability in multiple products A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). | 9.8 |
2021-10-05 | CVE-2021-41116 | Command Injection vulnerability in multiple products Composer is an open source dependency manager for the PHP language. | 9.8 |
2021-08-24 | CVE-2021-3711 | Classic Buffer Overflow vulnerability in multiple products In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). | 9.8 |
2019-12-23 | CVE-2019-11049 | Double Free vulnerability in multiple products In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations. | 9.8 |
2017-04-21 | CVE-2017-8051 | OS Command Injection vulnerability in Tenable Appliance Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. | 10.0 |