Vulnerabilities > Tenable > Tenable SC > High

DATE CVE VULNERABILITY TITLE RISK
2023-02-01 CVE-2023-0524 Unspecified vulnerability in Tenable Nessus, Tenable.Io and Tenable.Sc
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally.
network
low complexity
tenable
8.8
2022-04-13 CVE-2022-24828 Argument Injection or Modification vulnerability in multiple products
Composer is a dependency manager for the PHP programming language.
network
low complexity
getcomposer tenable fedoraproject CWE-88
8.8
2022-04-04 CVE-2022-24785 Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates.
network
low complexity
momentjs tenable netapp fedoraproject debian
7.5
2022-01-14 CVE-2022-0130 Unspecified vulnerability in Tenable Tenable.Sc
Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances.
network
high complexity
tenable
8.1
2021-12-20 CVE-2021-44224 NULL Pointer Dereference vulnerability in multiple products
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).
8.2
2021-09-16 CVE-2021-34798 NULL Pointer Dereference vulnerability in multiple products
Malformed requests may cause the server to dereference a NULL pointer.
7.5
2021-08-24 CVE-2021-3712 Out-of-bounds Read vulnerability in multiple products
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length.
7.4
2021-08-16 CVE-2021-33193 A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.
network
low complexity
apache fedoraproject tenable oracle
7.5
2021-03-29 CVE-2021-23358 Code Injection vulnerability in multiple products
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
7.2
2021-03-03 CVE-2021-20076 Deserialization of Untrusted Data vulnerability in Tenable Tenable.Sc
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.
network
low complexity
tenable CWE-502
8.8