Vulnerabilities > Tenable > High

DATE CVE VULNERABILITY TITLE RISK
2019-08-09 CVE-2019-11042 Out-of-bounds Read vulnerability in multiple products
When PHP EXIF extension is parsing EXIF information from an image, e.g.
7.1
2019-08-09 CVE-2019-11041 Out-of-bounds Read vulnerability in multiple products
When PHP EXIF extension is parsing EXIF information from an image, e.g.
7.1
2019-06-24 CVE-2018-20843 XXE vulnerability in multiple products
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
7.5
2018-08-02 CVE-2018-1154 Unspecified vulnerability in Tenable Securitycenter
In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access.
low complexity
tenable
8.8
2018-03-20 CVE-2018-1141 Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus
When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories.
local
high complexity
tenable CWE-732
7.0
2018-03-04 CVE-2017-18214 Resource Exhaustion vulnerability in multiple products
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
network
low complexity
momentjs tenable CWE-400
7.5
2017-11-02 CVE-2017-11508 SQL Injection vulnerability in Tenable Securitycenter 5.5.0/5.5.1/5.5.2
SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans.
network
low complexity
tenable CWE-89
8.8
2017-08-09 CVE-2017-11506 Improper Certificate Validation vulnerability in Tenable Nessus
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection.
network
high complexity
tenable CWE-295
7.4
2017-04-21 CVE-2017-8050 Unspecified vulnerability in Tenable Appliance
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.
network
low complexity
tenable
7.5
2017-04-19 CVE-2017-7850 Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.
local
low complexity
tenable CWE-732
7.8