Filtered by vendor Tenable
Subscriptions
Total
144 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9260 | 1 Tenable | 1 Nessus | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. | ||||
| CVE-2016-9259 | 1 Tenable | 1 Nessus | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-4448 | 9 Apple, Hp, Mcafee and 6 more | 22 Icloud, Iphone Os, Itunes and 19 more | 2024-08-06 | 9.8 Critical |
| Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | ||||
| CVE-2016-4055 | 3 Momentjs, Oracle, Tenable | 3 Moment, Primavera Unifier, Nessus | 2024-08-06 | 6.5 Medium |
| The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." | ||||
| CVE-2017-18214 | 3 Momentjs, Redhat, Tenable | 3 Moment, Jboss Enterprise Application Platform, Nessus | 2024-08-05 | 7.5 High |
| The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | ||||
| CVE-2017-7850 | 1 Tenable | 1 Nessus | 2024-08-05 | N/A |
| Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. | ||||
| CVE-2017-7849 | 1 Tenable | 1 Nessus | 2024-08-05 | N/A |
| Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. | ||||
| CVE-2017-7199 | 1 Tenable | 1 Nessus | 2024-08-05 | N/A |
| Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue. | ||||
| CVE-2017-6543 | 2 Microsoft, Tenable | 3 Windows, Appliance, Nessus | 2024-08-05 | N/A |
| Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows. | ||||
| CVE-2017-5179 | 1 Tenable | 1 Nessus | 2024-08-05 | N/A |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-2122 | 1 Tenable | 1 Nessus | 2024-08-05 | N/A |
| Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-20843 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-08-05 | 7.5 High |
| In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | ||||
| CVE-2018-5407 | 7 Canonical, Debian, Nodejs and 4 more | 23 Ubuntu Linux, Debian Linux, Node.js and 20 more | 2024-08-05 | 4.7 Medium |
| Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | ||||
| CVE-2019-19919 | 3 Handlebars.js Project, Redhat, Tenable | 3 Handlebars.js, Jboss Enterprise Bpms Platform, Tenable.sc | 2024-08-05 | 9.8 Critical |
| Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads. | ||||
| CVE-2019-19645 | 5 Netapp, Oracle, Siemens and 2 more | 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more | 2024-08-05 | 5.5 Medium |
| alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | ||||
| CVE-2019-19646 | 5 Netapp, Oracle, Siemens and 2 more | 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more | 2024-08-05 | 9.8 Critical |
| pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. | ||||
| CVE-2019-16168 | 9 Canonical, Debian, Fedoraproject and 6 more | 21 Ubuntu Linux, Debian Linux, Fedora and 18 more | 2024-08-05 | 6.5 Medium |
| In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." | ||||
| CVE-2019-8331 | 4 F5, Getbootstrap, Redhat and 1 more | 22 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 19 more | 2024-08-04 | 6.1 Medium |
| In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. | ||||
| CVE-2019-3982 | 1 Tenable | 1 Nessus | 2024-08-04 | 6.5 Medium |
| Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive. | ||||
| CVE-2019-3961 | 1 Tenable | 1 Nessus | 2024-08-04 | N/A |
| Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a users browser session. | ||||