Vulnerabilities > Tenable > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-09 | CVE-2019-11041 | Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. | 7.1 |
| 2019-06-24 | CVE-2018-20843 | XXE vulnerability in multiple products In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). network low complexity libexpat-project canonical debian fedoraproject opensuse oracle tenable CWE-611 | 7.5 |
| 2018-08-02 | CVE-2018-1154 | Unspecified vulnerability in Tenable Securitycenter In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. low complexity tenable | 8.8 |
| 2018-03-20 | CVE-2018-1141 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. | 7.0 |
| 2018-03-04 | CVE-2017-18214 | Resource Exhaustion vulnerability in multiple products The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | 7.5 |
| 2017-11-02 | CVE-2017-11508 | SQL Injection vulnerability in Tenable Securitycenter 5.5.0/5.5.1/5.5.2 SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. | 8.8 |
| 2017-08-09 | CVE-2017-11506 | Improper Certificate Validation vulnerability in Tenable Nessus When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. | 7.4 |
| 2017-04-21 | CVE-2017-8050 | Unspecified vulnerability in Tenable Appliance Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password. | 7.5 |
| 2017-04-19 | CVE-2017-7850 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. | 7.8 |
| 2017-03-23 | CVE-2017-7199 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. | 7.8 |