High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-01	CVE-2023-0524	Unspecified vulnerability in Tenable Nessus, Tenable.Io and Tenable.Sc As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. network low complexity tenable	8.8
2022-04-13	CVE-2022-24828	Argument Injection or Modification vulnerability in multiple products Composer is a dependency manager for the PHP programming language. network low complexity getcomposer tenable fedoraproject CWE-88	8.8
2022-04-04	CVE-2022-24785	Path Traversal: 'dir/../../filename' vulnerability in multiple products Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. network low complexity momentjs tenable netapp fedoraproject debian CWE-27	7.5
2022-01-14	CVE-2022-0130	Unspecified vulnerability in Tenable Tenable.Sc Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. network high complexity tenable	8.1
2021-12-20	CVE-2021-44224	NULL Pointer Dereference vulnerability in multiple products A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). network low complexity apache fedoraproject debian tenable oracle apple CWE-476	8.2
2021-09-16	CVE-2021-34798	NULL Pointer Dereference vulnerability in multiple products Malformed requests may cause the server to dereference a NULL pointer. network low complexity apache fedoraproject debian netapp tenable oracle broadcom siemens CWE-476	7.5
2021-08-24	CVE-2021-3712	Out-of-bounds Read vulnerability in multiple products ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. network high complexity openssl debian netapp mcafee tenable oracle siemens CWE-125	7.4
2021-08-16	CVE-2021-33193	A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. network low complexity apache fedoraproject tenable oracle	7.5
2021-03-29	CVE-2021-23358	Code Injection vulnerability in multiple products The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized. network low complexity underscorejs debian tenable fedoraproject CWE-94	7.2
2021-03-03	CVE-2021-20076	Deserialization of Untrusted Data vulnerability in Tenable Tenable.Sc Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization. network low complexity tenable CWE-502	8.8