Vulnerabilities > Tenable > High

DATE CVE VULNERABILITY TITLE RISK
2020-12-21 CVE-2020-5808 Unspecified vulnerability in Tenable Tenable.Sc
In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.
network
low complexity
tenable
7.5
2020-11-06 CVE-2020-5794 Unspecified vulnerability in Tenable Nessus Network Monitor 5.11.0/5.11.1/5.12.0
A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory.
local
low complexity
tenable
7.8
2020-11-05 CVE-2020-5793 Unspecified vulnerability in Tenable Nessus and Nessus Agent
A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory.
local
low complexity
tenable
7.8
2020-08-21 CVE-2020-5774 Insufficient Session Expiration vulnerability in Tenable Nessus
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios.
local
low complexity
tenable CWE-613
7.1
2020-04-27 CVE-2020-7067 Out-of-bounds Read vulnerability in multiple products
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
network
low complexity
php tenable oracle debian CWE-125
7.5
2020-04-21 CVE-2020-1967 NULL Pointer Dereference vulnerability in multiple products
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension.
7.5
2020-04-09 CVE-2020-11655 Improper Initialization vulnerability in multiple products
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
7.5
2020-04-01 CVE-2020-7065 Out-of-bounds Write vulnerability in multiple products
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer.
network
low complexity
php debian canonical tenable CWE-787
8.8
2019-12-23 CVE-2019-11044 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte.
network
low complexity
php tenable fedoraproject
7.5
2019-08-15 CVE-2019-3974 Unspecified vulnerability in Tenable Nessus
Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.
network
low complexity
tenable
8.1