| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR / COMPLEXITY | VENDORS / CWE | RISK |
|---|---|---|---|---|---|---|
| 2023-02-01 | CVE-2023-0524 | Unspecified vulnerability in Tenable Nessus, Tenable.Io and Tenable.Sc | As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. | network, low complexity | tenable | 8.8 |
| 2023-01-26 | CVE-2023-0476 | Injection vulnerability in Tenable Tenable.Sc | A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. | network, low complexity | tenable CWE-74 | 6.5 |
| 2023-01-26 | CVE-2023-24493 | Improper Input Validation vulnerability in Tenable Tenable.Sc | A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. | network, low complexity | tenable CWE-20 | 5.7 |
| 2023-01-26 | CVE-2023-24494 | Cross-site Scripting vulnerability in Tenable Tenable.Sc | A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. | network, low complexity | tenable CWE-79 | 5.4 |
| 2023-01-26 | CVE-2023-24495 | Server-Side Request Forgery (SSRF) vulnerability in Tenable Tenable.Sc | A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. | network, low complexity | tenable CWE-918 | 6.5 |
| 2022-04-13 | CVE-2022-24828 | Argument Injection or Modification vulnerability in multiple products | Composer is a dependency manager for the PHP programming language. | network, low complexity | getcomposer tenable fedoraproject CWE-88 | 8.8 |
| 2022-04-04 | CVE-2022-24785 | | Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. | network, low complexity | momentjs tenable netapp fedoraproject debian | 7.5 |
| 2022-01-14 | CVE-2022-0130 | Unspecified vulnerability in Tenable Tenable.Sc | Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. | network, high complexity | tenable | 8.1 |
| 2021-12-20 | CVE-2021-44224 | NULL Pointer Dereference vulnerability in multiple products | A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). | | | 8.2 |
| 2021-12-20 | CVE-2021-44790 | | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). | network, low complexity | apache fedoraproject debian tenable netapp oracle apple | critical 9.8 |