Vulnerabilities > Tenable > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-06-21 CVE-2022-32973 Unspecified vulnerability in Tenable Nessus
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
network
low complexity
tenable
critical
 9.0
9.0
2022-01-24 CVE-2022-23852 Integer Overflow or Wraparound vulnerability in multiple products
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
network
low complexity
libexpat-project netapp tenable debian oracle siemens CWE-190
critical
 9.8
9.8
2022-01-10 CVE-2022-22822 Integer Overflow or Wraparound vulnerability in multiple products
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable siemens debian CWE-190
critical
 9.8
9.8
2022-01-10 CVE-2022-22823 Integer Overflow or Wraparound vulnerability in multiple products
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable debian siemens CWE-190
critical
 9.8
9.8
2022-01-10 CVE-2022-22824 Integer Overflow or Wraparound vulnerability in multiple products
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable debian siemens CWE-190
critical
 9.8
9.8
2021-12-20 CVE-2021-44790 Out-of-bounds Write vulnerability in multiple products
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).
network
low complexity
apache fedoraproject debian tenable netapp oracle apple CWE-787
critical
 9.8
9.8
2021-10-05 CVE-2021-41116 Command Injection vulnerability in multiple products
Composer is an open source dependency manager for the PHP language.
network
low complexity
getcomposer tenable CWE-77
critical
 9.8
9.8
2021-08-24 CVE-2021-3711 Classic Buffer Overflow vulnerability in multiple products
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().
network
low complexity
openssl debian netapp oracle tenable CWE-120
critical
 9.8
9.8
2019-12-23 CVE-2019-11049 Double Free vulnerability in multiple products
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.
network
low complexity
php fedoraproject debian tenable CWE-415
critical
 9.8
9.8
2017-04-21 CVE-2017-8051 OS Command Injection vulnerability in Tenable Appliance
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI.
network
low complexity
tenable CWE-78
critical
 10.0
10