Tenable

Securitycenter

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-2698

  • EPSS 0.03%
  • Veröffentlicht 23.02.2026 16:28:07
  • Zuletzt bearbeitet 26.02.2026 16:39:12

An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.

8.8

CVE-2026-2697

  • EPSS 0.11%
  • Veröffentlicht 23.02.2026 15:17:13
  • Zuletzt bearbeitet 26.02.2026 16:44:54

An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.

8.8

CVE-2026-2630

  • EPSS 0.35%
  • Veröffentlicht 17.02.2026 18:19:38
  • Zuletzt bearbeitet 18.02.2026 17:51:53

A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.

4.3

CVE-2025-36636

  • EPSS 0.04%
  • Veröffentlicht 08.10.2025 15:19:33
  • Zuletzt bearbeitet 09.10.2025 14:15:55

In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.

2.7

CVE-2024-12174

  • EPSS 0.06%
  • Veröffentlicht 09.12.2024 22:15:22
  • Zuletzt bearbeitet 09.12.2024 22:15:22

An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.

8.8

CVE-2023-2005

  • EPSS 0.26%
  • Veröffentlicht 26.06.2023 18:15:09
  • Zuletzt bearbeitet 03.12.2024 19:15:06

Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . Th...

5.9

CVE-2019-11045

Exploit
  • EPSS 40.95%
  • Veröffentlicht 23.12.2019 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:26

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications check...

5.3

CVE-2019-11046

  • EPSS 8.25%
  • Veröffentlicht 23.12.2019 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:26

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are ide...

9.8

CVE-2019-11049

  • EPSS 2.73%
  • Veröffentlicht 23.12.2019 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:27

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double...

6.5

CVE-2019-11050

Exploit
  • EPSS 3.12%
  • Veröffentlicht 23.12.2019 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:27

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocate...