Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-26	CVE-2023-0476	Injection vulnerability in Tenable Tenable.Sc A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. network low complexity tenable CWE-74	6.5
2023-01-26	CVE-2023-24493	Improper Input Validation vulnerability in Tenable Tenable.Sc A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. network low complexity tenable CWE-20	5.7
2023-01-26	CVE-2023-24494	Cross-site Scripting vulnerability in Tenable Tenable.Sc A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. network low complexity tenable CWE-79	5.4
2023-01-26	CVE-2023-24495	Server-Side Request Forgery (SSRF) vulnerability in Tenable Tenable.Sc A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. network low complexity tenable CWE-918	6.5
2021-11-29	CVE-2021-21707	In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. network low complexity php netapp debian tenable	5.3
2021-10-26	CVE-2021-41182	Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. network low complexity jqueryui fedoraproject netapp debian drupal oracle tenable CWE-79	6.1
2021-10-26	CVE-2021-41183	Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. network low complexity jqueryui fedoraproject netapp debian drupal oracle tenable CWE-79	6.1
2021-10-26	CVE-2021-41184	Cross-site Scripting vulnerability in multiple products jQuery-UI is the official jQuery user interface library. network low complexity jqueryui fedoraproject netapp drupal tenable oracle CWE-79	6.1
2021-03-25	CVE-2021-3449	NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. network high complexity openssl debian freebsd netapp tenable fedoraproject mcafee checkpoint oracle sonicwall siemens nodejs CWE-476	5.9
2021-02-16	CVE-2021-23841	NULL Pointer Dereference vulnerability in multiple products The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. network high complexity openssl debian tenable apple netapp oracle siemens CWE-476	5.9