Tenable Securitycenter — known CVE vulnerabilities
Every CVE whose affected-product data names Tenable Securitycenter, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2017-11508 — CVSS 8.8 (high): SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with…
CVE-2018-1154 — CVSS 8.8 (high): In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery…
CVE-2019-11049 — CVSS 6.5 (medium): In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in…
CVE-2018-1155 — CVSS 5.4 (medium): In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript…
CVE-2019-11050 — CVSS 4.8 (medium): When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26…
CVE-2013-5911 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject…
CVE-2019-11046 — CVSS 3.7 (low): In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be…
CVE-2019-11045 — CVSS 3.7 (low): In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and…
CVE-2019-11044 — CVSS 3.7 (low): In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte…