Vulnerabilities > Tenable > Tenable SC > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2023-0476 Injection vulnerability in Tenable Tenable.Sc
A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users.
network
low complexity
tenable CWE-74
6.5
2023-01-26 CVE-2023-24493 Improper Input Validation vulnerability in Tenable Tenable.Sc
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users.
network
low complexity
tenable CWE-20
5.7
2023-01-26 CVE-2023-24494 Cross-site Scripting vulnerability in Tenable Tenable.Sc
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users.
network
low complexity
tenable CWE-79
5.4
2023-01-26 CVE-2023-24495 Server-Side Request Forgery (SSRF) vulnerability in Tenable Tenable.Sc
A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data.
network
low complexity
tenable CWE-918
6.5
2021-11-29 CVE-2021-21707 In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them.
network
low complexity
php netapp debian tenable
5.3
2021-10-26 CVE-2021-41182 jQuery-UI is the official jQuery user interface library. 6.1
2021-10-26 CVE-2021-41183 jQuery-UI is the official jQuery user interface library. 6.1
2021-10-26 CVE-2021-41184 jQuery-UI is the official jQuery user interface library. 6.1
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9
2021-02-16 CVE-2021-23841 NULL Pointer Dereference vulnerability in multiple products
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate.
5.9