Tenable
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Tenable product.
RSS Feeds for Tenable security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Tenable products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Tenable Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2025 there have been 0 vulnerabilities in Tenable. Last year, in 2024 Tenable had 9 security vulnerabilities published. Right now, Tenable is on track to have less security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 9 | 5.86 |
2023 | 16 | 6.99 |
2022 | 19 | 8.23 |
2021 | 25 | 7.36 |
2020 | 22 | 6.82 |
2019 | 20 | 6.84 |
2018 | 8 | 6.34 |
It may take a day or so for new Tenable vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenable Security Vulnerabilities
Tenable Security Center: Improper Certificate Validation in SMTP Server Communication
CVE-2024-12174
- December 09, 2024
An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI
CVE-2024-9158
4.6 - Medium
- September 30, 2024
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.
XSS
A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application s
CVE-2024-1891
5.4 - Medium
- June 12, 2024
A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page.
XSS
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch s
CVE-2024-5759
6.3 - Medium
- June 12, 2024
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges
Improper Privilege Management
A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could
CVE-2024-1683
7.3 - High
- February 23, 2024
A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.
Shell injection
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters
CVE-2024-1367
7.2 - High
- February 14, 2024
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.
Shell injection
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters
CVE-2024-1471
4.8 - Medium
- February 14, 2024
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.
XSS
A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter s
CVE-2024-0971
6.5 - Medium
- February 07, 2024
A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.
SQL Injection
A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings
CVE-2024-0955
4.8 - Medium
- February 07, 2024
A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.
XSS
An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host
CVE-2023-6178
6.5 - Medium
- November 20, 2023
An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.
Memory Corruption
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host
CVE-2023-6062
6.5 - Medium
- November 20, 2023
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.
Memory Corruption
NNM failed to properly set ACLs on its installation directory, which could
CVE-2023-5623
7.8 - High
- October 26, 2023
NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location
Code Injection
Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation
CVE-2023-5624
7.2 - High
- October 26, 2023
Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection.
Improper Input Validation
Under certain conditions, Nessus Network Monitor could
CVE-2023-5622
8.8 - High
- October 26, 2023
Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.
Improper Privilege Management
An improper authorization vulnerability exists where an authenticated
CVE-2023-3253
4.3 - Medium
- August 29, 2023
An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.
A pass-back vulnerability exists where an authenticated
CVE-2023-3251
4.9 - Medium
- August 29, 2023
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0.
Insufficiently Protected Credentials
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data
CVE-2023-3252
6.5 - Medium
- August 29, 2023
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.
Vulnerability in Tenable Tenable.Io
CVE-2023-2005
8.8 - High
- June 26, 2023
Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.
A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products
CVE-2022-4313
8.8 - High
- March 15, 2023
A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally
CVE-2023-0524
8.8 - High
- February 01, 2023
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055.
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users
CVE-2023-24494
5.4 - Medium
- January 26, 2023
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.
XSS
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users
CVE-2023-24493
5.7 - Medium
- January 26, 2023
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host.
Improper Input Validation
A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users
CVE-2023-0476
6.5 - Medium
- January 26, 2023
A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection.
Injection
A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data
CVE-2023-24495
6.5 - Medium
- January 26, 2023
A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.
SSRF
A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1
CVE-2023-0101
8.8 - High
- January 20, 2023
A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host.
Improper Privilege Management
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially
CVE-2022-3499
6.5 - Medium
- October 31, 2022
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.
Insertion of Sensitive Information into Log File
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so
CVE-2022-33757
6.5 - Medium
- October 25, 2022
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the nessusd process in cleartext
CVE-2022-28291
6.5 - Medium
- October 17, 2022
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the nessusd process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers network of assets.
Insufficiently Protected Credentials
An authenticated attacker could create an audit file
CVE-2022-32973
8.8 - High
- June 21, 2022
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
An authenticated attacker could read arbitrary files
CVE-2022-32974
6.5 - Medium
- June 21, 2022
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
Composer is a dependency manager for the PHP programming language
CVE-2022-24828
8.8 - High
- April 13, 2022
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report.
Argument Injection
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates
CVE-2022-24785
7.5 - High
- April 04, 2022
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
Directory traversal
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli
CVE-2022-0778
7.5 - High
- March 15, 2022
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
Infinite Loop
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVE-2022-23990
7.5 - High
- January 26, 2022
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
Integer Overflow or Wraparound
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer
CVE-2022-23852
9.8 - Critical
- January 24, 2022
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
Integer Overflow or Wraparound
Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could
CVE-2022-0130
8.1 - High
- January 14, 2022
Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation.
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22826
8.8 - High
- January 10, 2022
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Integer Overflow or Wraparound
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22827
8.8 - High
- January 10, 2022
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Integer Overflow or Wraparound
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22822
9.8 - Critical
- January 10, 2022
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Integer Overflow or Wraparound
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22823
9.8 - Critical
- January 10, 2022
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Integer Overflow or Wraparound
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22824
9.8 - Critical
- January 10, 2022
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Integer Overflow or Wraparound
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22825
8.8 - High
- January 10, 2022
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Integer Overflow or Wraparound
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3
CVE-2021-46143
7.8 - High
- January 06, 2022
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
Integer Overflow or Wraparound
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c
CVE-2021-45960
8.8 - High
- January 01, 2022
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
Incorrect Calculation
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts)
CVE-2021-44790
9.8 - Critical
- December 20, 2021
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Memory Corruption
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can
CVE-2021-44224
8.2 - High
- December 20, 2021
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
NULL Pointer Dereference
In PHP versions 7.3.x below 7.3.33
CVE-2021-21707
5.3 - Medium
- November 29, 2021
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could
CVE-2021-20135
6.7 - Medium
- November 03, 2021
Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus).
jQuery-UI is the official jQuery user interface library
CVE-2021-41184
6.1 - Medium
- October 26, 2021
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
XSS
jQuery-UI is the official jQuery user interface library
CVE-2021-41183
6.1 - Medium
- October 26, 2021
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
XSS