85 matches found
CVE-2022-0130
Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable....
EUVD-2020-26965
Malware in sbrugna...
EUVD-2021-13791
Malware in sbrugna...
EUVD-2020-26896
Malware in sbrugna...
EUVD-2023-12528
Malicious code in bioql PyPI...
EUVD-2023-28512
Malicious code in bioql PyPI...
EUVD-2022-15343
Malicious code in bioql PyPI...
EUVD-2023-28511
Malicious code in bioql PyPI...
EUVD-2021-7538
Malicious code in bioql PyPI...
EUVD-2023-28513
Malicious code in bioql PyPI...
CVE-2023-24493
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a...
CVE-2023-24495
A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly...
CVE-2023-24494
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user...
CVE-2021-27018
The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority not being properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source...
CVE-2021-20076
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization...
CVE-2020-5808
In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration...
[R1] Stand-alone Security Patches Available for Tenable.sc versions 5.22.0, 5.23.1, and 6.0.0: SC-202303.2
Arnie Cabral, Tue, 03/28/2023 - 11:10. Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components in use (Apache) was found to contain...
[R2] Tenable.sc Version 6.1.0 Fixes Multiple Vulnerabilities
Arnie Cabral, Wed, 03/22/2023 - 11:21. Tenable.sc leverages third-party software to help provide underlying functionality. Several of the third-party components in use (Apache, PHP) were found to contain vulnerabilities, and updated versions...
[R1] Stand-alone Security Patch Available for Tenable.sc version 5.23.1: SC-202303.1-5
Arnie Cabral, Wed, 03/01/2023 - 09:56. Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated...
[R1] Stand-alone Security Patch Available for Tenable.sc version 6.0.0: SC-202303.1-6
Arnie Cabral, Wed, 03/01/2023 - 08:50. Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated...