5.14.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-26	CVE-2023-0476	Injection vulnerability in Tenable Tenable.Sc A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. network low complexity tenable CWE-74	6.5
2023-01-26	CVE-2023-24493	Improper Input Validation vulnerability in Tenable Tenable.Sc A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. network low complexity tenable CWE-20	5.7
2023-01-26	CVE-2023-24494	Cross-site Scripting vulnerability in Tenable Tenable.Sc A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. network low complexity tenable CWE-79	5.4
2023-01-26	CVE-2023-24495	Server-Side Request Forgery (SSRF) vulnerability in Tenable Tenable.Sc A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. network low complexity tenable CWE-918	6.5
2022-04-13	CVE-2022-24828	Argument Injection or Modification vulnerability in multiple products Composer is a dependency manager for the PHP programming language. network low complexity getcomposer tenable fedoraproject CWE-88	8.8
2022-04-04	CVE-2022-24785	Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. network low complexity momentjs tenable netapp fedoraproject debian	7.5
2022-01-14	CVE-2022-0130	Unspecified vulnerability in Tenable Tenable.Sc Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. network high complexity tenable	8.1
2021-12-20	CVE-2021-44224	NULL Pointer Dereference vulnerability in multiple products A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). network low complexity apache fedoraproject debian tenable oracle apple CWE-476	8.2
2021-11-29	CVE-2021-21707	In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. network low complexity php netapp debian tenable	5.3
2021-10-26	CVE-2021-41182	jQuery-UI is the official jQuery user interface library. network low complexity jqueryui fedoraproject netapp debian drupal oracle tenable	6.1