Vulnerabilities > Tenable > Tenable SC > 5.13.0

DATE CVE VULNERABILITY TITLE RISK
2021-10-05 CVE-2021-41116 Command Injection vulnerability in multiple products
Composer is an open source dependency manager for the PHP language.
network
low complexity
getcomposer tenable CWE-77
critical
9.8
2021-09-16 CVE-2021-34798 NULL Pointer Dereference vulnerability in multiple products
Malformed requests may cause the server to dereference a NULL pointer.
7.5
2021-09-16 CVE-2021-40438 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
9.0
2021-08-16 CVE-2021-33193 A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.
network
low complexity
apache fedoraproject tenable oracle
7.5
2021-03-29 CVE-2021-23358 Code Injection vulnerability in multiple products
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
7.2
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9
2021-03-03 CVE-2021-20076 Deserialization of Untrusted Data vulnerability in Tenable Tenable.Sc
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.
network
low complexity
tenable CWE-502
8.8
2021-02-16 CVE-2021-23841 NULL Pointer Dereference vulnerability in multiple products
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate.
5.9
2020-12-21 CVE-2020-5808 Unspecified vulnerability in Tenable Tenable.Sc
In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.
network
low complexity
tenable
7.5
2020-10-02 CVE-2020-7070 Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded.
5.3