Vulnerabilities > Tenable > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-09 | CVE-2020-7068 | Use After Free vulnerability in multiple products In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. | 3.3 |
| 2020-08-21 | CVE-2020-5774 | Insufficient Session Expiration vulnerability in Tenable Nessus Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. | 3.6 |
| 2020-07-15 | CVE-2020-5765 | Cross-site Scripting vulnerability in Tenable Nessus Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. | 3.5 |
| 2020-04-17 | CVE-2020-5737 | Cross-site Scripting vulnerability in Tenable Tenable.Sc 5.14.0/5.14.1 Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. | 3.5 |
| 2019-12-27 | CVE-2016-1000028 | Cross-site Scripting vulnerability in Tenable Nessus Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. | 3.5 |
| 2019-12-27 | CVE-2016-1000029 | Cross-site Scripting vulnerability in Tenable Nessus Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269). | 3.5 |
| 2019-12-09 | CVE-2019-19645 | Uncontrolled Recursion vulnerability in multiple products alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | 2.1 |
| 2019-02-12 | CVE-2019-3923 | Cross-site Scripting vulnerability in Tenable Nessus Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. | 3.5 |
| 2018-08-02 | CVE-2018-1154 | Unspecified vulnerability in Tenable Securitycenter In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. low complexity tenable | 3.3 |
| 2018-08-02 | CVE-2018-1155 | Cross-site Scripting vulnerability in Tenable Securitycenter In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. | 3.5 |