Tenable Research Advisories -

This page contains information regarding security vulnerabilities in third-party software discovered by a dedicated team supported by researchers and engineers at Tenable. Tenable believes in coordinated disclosure, working with vendors to better protect our customers. Here is our public key. Please refer to our Vulnerability Disclosure Policy for additional details.

For issues that impact Tenable products, please visit the Tenable Product Security Advisories. For more details on submitting vulnerability information for Tenable products, please see our Vulnerability Reporting Guidelines page.

Find a vulnerability in a Tenable product?

Please report it here

Report

Date	Advisory ID	Name	Severity	CVE ID
December 14, 2018	TRA-2018-45	[R1] Advantech WebAccess Stack Buffer Overflow	Critical	CVE-2018-18999
December 12, 2018	TRA-2018-44	[R1] Open Dental Multiple Vulnerabilities	Critical	CVE-2018-15717 CVE-2018-15718 CVE-2018-15719
December 5, 2018	TRA-2018-43	[R2] Jenkins Forced Migration of User Records	Medium	CVE-2018-1000863
December 5, 2018	TRA-2018-42	[R1] Cisco Energy Management Suite Default PostgreSQL Credentials	Medium	CVE-2018-0468
November 29, 2018	TRA-2018-41	[R1] NUUO NVRMini2 Authenticated Command Injection	Critical	CVE-2018-15716
November 29, 2018	TRA-2018-40	[R2] Zoom Message Spoofing	Critical	CVE-2018-15715
November 26, 2018	TRA-2018-39	[R1] Multiple HPE Moonshot Provisioning Manager Vulnerabilities	High
November 26, 2018	TRA-2018-38	[R1] Multiple Schneider Electric Modicon Quantum Vulnerabilities	Critical	CVE-2018-7809 CVE-2018-7810 CVE-2018-7811 CVE-2018-7830 CVE-2018-7831
November 13, 2018	TRA-2018-37	[R1] Nagios XI Multiple Vulnerabilities	High	CVE-2018-15708 CVE-2018-15709 CVE-2018-15710 CVE-2018-15711 CVE-2018-15712 CVE-2018-15713 CVE-2018-15714
November 9, 2018	TRA-2018-36	[R1] Cisco Energy Management Suite Multiple Vulnerabilities	Critical	CVE-2018-15444 CVE-2018-15445
October 31, 2018	TRA-2018-35	[R1] Multiple Advantech WebAccess Vulnerabilities	Critical	CVE-2018-15705 CVE-2018-15706 CVE-2018-15707
October 30, 2018	TRA-2018-34	[R1] Multiple Vulnerabilities in AVEVA Indusoft Web Studio and InTouch Edge HMI	Critical	CVE-2018-17914 CVE-2018-17916
October 18, 2018	TRA-2018-33	[R1] Multiple Advantech WebAccess Vulnerabilities	High	CVE-2018-15703 CVE-2018-15704
October 17, 2018	TRA-2018-32	[R1] Multiple Oracle WebLogic Docker Password Disclosures	Medium	CVE-2018-3213
October 17, 2018	TRA-2018-31	[R1] Multiple Oracle GoldenGate Manager Vulnerabilities	Critical	CVE-2018-2912 CVE-2018-2913 CVE-2018-2914
October 12, 2018	TRA-2018-30	[R1] IBM WebSphere Application Server Admin Console File Disclosure	Medium	CVE-2018-1770
October 10, 2018	TRA-2018-29	[R1] Multiple Jenkins Vulnerabilities	Medium
October 9, 2018	TRA-2018-28	[R1] HPE Intelligent Management Center Multiple Vulnerabilities	Critical
October 1, 2018	TRA-2018-27	[R1] TP-Link TL-WRN841N Multiple Vulnerabilities	Critical	CVE-2018-15700 CVE-2018-15701 CVE-2018-15702
September 20, 2018	TRA-2018-26	[R1] RSLinx Classic Buffer Overflows	Critical	CVE-2018-14821 CVE-2018-14829
September 17, 2018	TRA-2018-25	[R2] Multiple NUUO NVRMini2 Vulnerabilities	Critical	CVE-2018-1149 CVE-2018-1150
September 10, 2018	TRA-2018-24	[R1] HPE Intelligent Management Center Stack Buffer Overflow	Critical
September 10, 2018	TRA-2018-23	[R1] Advantech WebAccess Remote Code Execution	Critical	CVE-2017-16720
August 24, 2018	TRA-2018-22	[R1] Multiple ASUSTOR Data Master Vulnerabilities	High	CVE-2018-15694 CVE-2018-15695 CVE-2018-15696 CVE-2018-15697 CVE-2018-15698 CVE-2018-15699
August 22, 2018	TRA-2018-21	[R1] Mikrotik RouterOS Multiple Authenticated Vulnerabilities	Critical	CVE-2018-1156 CVE-2018-1157 CVE-2018-1158 CVE-2018-1159
August 21, 2018	TRA-2018-20	[R2] Cisco Data Center Network Manager Authenticated Path Traversal	Medium	CVE-2018-0464
July 18, 2018	TRA-2018-19	[R1] AVEVA InduSoft Web Studio and InTouch Machine Edition Remote Code Execution	Critical	CVE-2018-10620
June 15, 2018	TRA-2018-18	[R1] Burp Suite Community Edition Improper Certificate Validation	Medium	CVE-2018-1153
June 14, 2018	TRA-2018-17	[R1] libturbo-jpeg Denial of Service	Medium	CVE-2018-1152
June 12, 2018	TRA-2018-16	[R1] GlassFish 4.x Denial of Service	High
June 11, 2018	TRA-2018-15	[R2] HPE Moonshot Provisioning Manager Arbitrary File Move	High	CVE-2018-7072 CVE-2018-7073
June 11, 2018	TRA-2018-14	[R1] Western Digital TV Media Player and Live Hub Unauthenticated RCE	Critical	CVE-2018-1151
June 8, 2018	TRA-2018-13	[R2] IBM Netezza Appliance Local Privilege Escalation	High	CVE-2018-1460
May 4, 2018	TRA-2018-12	[R1] Cylance PROTECT Missing SSL Certificate Verification	Medium
May 4, 2018	TRA-2018-11	[R1] Cisco Prime Data Center Network Manager Remote Code Execution	Critical	CVE-2018-0258
May 4, 2018	TRA-2018-10	[R1] Trend Micro Smart Protection Server Denial of Service	High	CVE-2018-6237
May 4, 2018	TRA-2018-09	[R1] OpenVPN Windows Service Double Free	High	CVE-2018-9336
April 12, 2018	TRA-2018-08	[R1] Belkin N750 F9K1103 v1 Multiple Vulnerabilities	Critical	CVE-2018-1143 CVE-2018-1144 CVE-2018-1145 CVE-2018-1146
April 6, 2018	TRA-2018-07	[R3] Schneider Electric InduSoft Web Studio and InTouch Machine Edition Remote Code Execution	Critical	CVE-2018-8840
March 28, 2018	TRA-2018-06	[R1] Cisco IOS and IOS XE Multiple Memory Corruption Vulnerabilities	High	CVE-2018-0172 CVE-2018-0173 CVE-2018-0174
February 26, 2018	TRA-2018-05	[R1] Micro Focus Operations Orchestrations Information Disclosure and Remote Denial of Service	High	CVE-2018-6490
February 26, 2018	TRA-2018-04	[R3] Check Point Gaia OS Privilege Escalation	Medium
February 15, 2018	TRA-2018-03	[R2] EMC VASA Virtual Appliance Default Creds and Arbitrary File Upload	Critical	CVE-2018-1216 CVE-2018-1215
January 29, 2018	TRA-2018-02	[R1] NetGain Enterprise Manager Multiple Remote Vulnerabilities	High	CVE-2017-17406 CVE-2017-16610 CVE-2017-16607 CVE-2017-16609 CVE-2017-16608
January 29, 2018	TRA-2018-01	[R1] HPE Intelligent Management Center (iMC) PLAT Java RMI RCE	High	CVE-2017-5792
November 21, 2017	TRA-2017-37	[R1] gSOAP HTTP DIME Parsing Denial of Service	Medium
November 21, 2017	TRA-2017-36	[R1] Firebird fbudf Module Authenticated Remote Code Execution	Critical	CVE-2017-11509
November 20, 2017	TRA-2017-35	[R2] Verizon Fios Quantum Gateway G1100 Remote Information Disclosure	Medium
November 20, 2017	TRA-2017-34	[R1] Siemens SIMATIC Logon Denial of Service	Medium	CVE-2017-9938
November 10, 2017	TRA-2017-33	[R1] Wanscam Network Camera Multiple Vulnerabiltiies	Medium	CVE-2017-11510
November 9, 2017	TRA-2017-32	[R1] HPE Universal Configuration Management Database Multiple Vulnerabilities	Critical	CVE-2017-14351 CVE-2017-14353 CVE-2017-14354
November 8, 2017	TRA-2017-31	[R1] ManageEngine ServiceDesk Multiple Vulnerabilties	High	CVE-2017-11511 CVE-2017-11512
November 7, 2017	TRA-2017-30	[R1] HPE System Management Homepage Remote Denial of Service	High	CVE-2017-12545
November 7, 2017	TRA-2017-29	[R1] Advantech WebAccess SQL Injection	Critical	CVE-2017-12710
November 7, 2017	TRA-2017-28	[R1] HPE Operations Orchestration Central Remoting Java Deserialization Remote Code Execution	High	CVE-2017-8994
November 7, 2017	TRA-2017-27	[R1] HPE Intelligent Management Center SOM Module Remote File Disclosure	Medium	CVE-2017-12555
November 6, 2017	TRA-2017-26	[R1] HP Data Protector Multiple Remote Vulnerabilities	High	CVE-2017-5807, CVE-2017-5808
November 6, 2017	TRA-2017-25	[R2] HPE Operations Orchestration Incomplete Fix for CVE-2016-8519	High	CVE-2017-8994
November 6, 2017	TRA-2017-24	[R1] Ecava IntegraXor SQL Injection Remote Code Execution	High	CVE-2017-6050
November 3, 2017	TRA-2017-23	[R1] Cisco Security Manager and Prime LMS Java Deserialization Remote Code Execution	Critical	CVE-2015-6420
November 2, 2017	TRA-2017-22	[R1] ReadyMedia HTTP Request Denial of Service	High
November 2, 2017	TRA-2017-21	[R1] Check_MK Multisite Web UI Reflected XSS	Medium	CVE-2017-9781
November 2, 2017	TRA-2017-20	[R2] Check_MK Multisite Web UI Stored and Reflected XSS	Medium	CVE-2017-11507
May 2, 2017	TRA-2017-19	[R1] Kaa IoT Platform SdkServlet / RecordServlet Java Object Deserialization Remote Code Execution	High	CVE-2017-7911
April 26, 2017	TRA-2017-18	[R1] HP Intelligent Management Center (iMC) Platform euplat RMI Registry Java Deserialization Remote Code Execution	Critical	CVE-2017-5792
April 19, 2017	TRA-2017-17	[R1] ManageEngine ServiceDesk Plus AuthError.jsp ErrorMsg Parameter Reflected XSS	Medium
April 18, 2017	TRA-2017-16	[R1] Oracle WebLogic Server Web Container Subcomponent Reflected PartItem File Manipulation Remote Code Execution	Critical	CVE-2017-3531
March 30, 2017	TRA-2017-15	[R2] NetIQ Sentinel Multiple Remote Vulnerabilities	High	CVE-2017-5184 CVE-2017-5185
March 25, 2017	TRA-2017-14	[R1] Cisco Unified Customer Voice Portal Java Deserialization Remote Code Execution	Critical	CVE-2015-6420
March 18, 2017	TRA-2017-13	[R1] HPE LoadRunner libxdrutil.dll mxdr_string() Function XDR String Handling Remote Heap Buffer Overflow	Critical	CVE-2017-5789
March 16, 2017	TRA-2017-12	[R1] HP Intelligent Management Center (iMC) Platform /imc/fault/accessMgrServlet Java Deserialization Remote Code Execution	Critical	CVE-2017-5790
March 15, 2017	TRA-2017-11	[R1] Sophos XG Firewall login.jsp utype Parameter Reflected XSS	Medium
March 13, 2017	TRA-2017-10	[R1] Debian MediaTomb (fork) Multiple Remote Vulnerabilities	Critical	CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2016-6255 CVE-2016-8863
February 1, 2017	TRA-2017-09	[R2] HP Intelligent Management Center (iMC) Platform /rptviewer/servlets/redirectviewer Multiple Remote Issues	High	CVE-2016-8525 CVE-2016-8530
January 26, 2017	TRA-2017-08	[R1] Portable SDK for UPnP Devices (libupnp) glibc Implementation getaddrinfo() Function Remote Stack Overflow	Critical	CVE-2015-7547
January 25, 2017	TRA-2017-07	[R1] Oracle WebLogic RMI Registry UnicastRef Object Java Deserialization Remote Code Execution	Critical	CVE-2017-3248
January 23, 2017	TRA-2017-06	[R1] ManageEngine ADAudit Plus Multiple Vulnerabilities	High
January 20, 2017	TRA-2017-05	[R1] HP Operations Orchestration (HP OO) /oo/backwards-compatibility/wsExecutionBridgeService Jaa Deserialization Remote Code Execution	Critical	CVE-2016-8519
January 19, 2017	TRA-2017-04	[R1] Advantech WebAccess Multiple Vulnerabilities	High	CVE-2017-5152 CVE-2017-5154
January 18, 2017	TRA-2017-03	[R2] Oracle Outside In Content Access vspdf.dll Multiple Remote DoS	Medium	CVE-2017-3294 CVE-2017-3295
January 11, 2017	TRA-2017-02	[R2] Sophos Web Protection Appliance ftp_redirect.php s Parameter Reflected XSS	Medium	CVE-2017-9523
January 9, 2017	TRA-2017-01	[R1] Liferay CE Portal /api/liferay Java Deserialization Blacklist Bypass Remote Code Execution	Critical
December 11, 2016	TRA-2016-39	[R1] Hewlett Packard Network Automation RPCServlet Arbitrary Code Execution	High	CVE-2016-8511
December 5, 2016	TRA-2016-38	[R1] Cisco Prime Collaboration Provisioning Restricted CLI Bypass Local Privilege Escalation	Medium	CVE-2016-1320
November 29, 2016	TRA-2016-37	[R2] Dell SonicWALL /appliance/license.jsp Serial Number Disclosure Remote Privilege Escalation	Medium
November 28, 2016	TRA-2016-36	[R1] ManageEngine OpManager NMS Server Multiple Vulnerabilities	Critical
November 25, 2016	TRA-2016-35	[R1] WISE Server Commons Collection / FileUpload Java Deserialization Remote Command Execution	Critical
November 16, 2016	TRA-2016-34	[R1] VMWare vRealize Operations Manager Appliance Multiple Vulnerabilities Chained Remote Code Execution	High	CVE-2016-7462
November 1, 2016	TRA-2016-33	[R1] Oracle WebLogic Server Commons DiskFileItem Remote File Manipulation	Critical	CVE-2016-5535
October 29, 2016	TRA-2016-32	[R1] HP System Management Homepage (SMH) Multiple Remote Stack Buffer Overflows	High	CVE-2016-4395 CVE-2016-4396
October 21, 2016	TRA-2016-31	[R1] ManageEngine ADAudit Plus Obfuscated Cookie Password Disclosure	Low
October 17, 2016	TRA-2016-30	[R1] Novell NetIQ Sentinel Commons DiskFileItem RMI Java Deserialization Remote File Creation / Manipulation	Critical	CVE-2016-1000031
October 6, 2016	TRA-2016-29	[R2] Citrix License Server / Flexera FlexNet Publisher lmadmin.exe 2F Packet Handling Remote DoS	Medium	CVE-2016-6273
September 26, 2016	TRA-2016-28	[R2] CloudView NMS Multiple Remote Vulnerabilities	High
September 22, 2016	TRA-2016-27	[R1] Hewlett Packard Network Automation RMI Registry Port Java Deserialization Remote Code Execution	Critical	CVE-2016-4385
September 21, 2016	TRA-2016-26	[R1] HP LoadRunner Multiple Remote DoS	High	CVE-2016-4384 CVE-2016-4361
September 14, 2016	TRA-2016-25	[R1] Red5 Server RMI Registry /red5 Java Deserialization Remote Code Execution	Critical
August 18, 2016	TRA-2016-24	[R1] PowerFolder Multiple Remote Vulnerabilities	Critical
August 12, 2016	TRA-2016-23	[R4] Apache Wicket DiskFileItem Java Deserialization Remote File Manipulation	Medium	CVE-2013-2186 CVE-2016-1000031 CVE-2016-6793
July 20, 2016	TRA-2016-22	[R2] Red Hat JBoss Operations Network /jboss-remoting-servlet-invoker/ServerInvokerServlet Jython Deserialization Remote Code Execution	Critical	CVE-2016-3737 CVE-2016-6330
July 19, 2016	TRA-2016-21	[R1] Oracle WebLogic Server weblogic.corba.utils.MarshallObject Java Deserialization Remote Code Execution	Critical	CVE-2016-3510
July 8, 2016	TRA-2016-20	[R2] Pivotal Spring Framework HttpInvokerServiceExporter readRemoteInvocation Method Untrusted Java Deserialization	Critical	CVE-2016-1000027
June 28, 2016	TRA-2016-19	[R1] Palo Alto Networks PAN-OS /api Multiple Parameter Handling Remote DoS	Medium
June 27, 2016	TRA-2016-18	[R1] IBM iAccess for Windows i Navigator Encoded Windows Admin Password Local Disclosure	Low	CVE-2016-0287
June 13, 2016	TRA-2016-17	[R2] HP Loadrunner / HP Performance Center Virtual Table Server (VTS) \web\admin\data.js Remote File Deletion	High	CVE-2016-4360
June 13, 2016	TRA-2016-16	[R2] HP LoadRunner mchan.dll Shared Memory Object Name Construction Remote Stack Buffer Overflow	High	CVE-2016-4359
May 17, 2016	TRA-2016-15	[R1] Ipswitch WhatsUp Gold WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection	Medium	CVE-2016-1000000
May 5, 2016	TRA-2016-14	[R1] HP System Management Homepage (SMH) mod_smh_config.so AddCertsToTrustCfgList() Function X.509 Certificate Subject Common Name Handling Remote DoS	Low
May 3, 2016	TRA-2016-13	[R1] Core FTP Server Path Traversal Arbitrary File/Directory Access	Medium
April 20, 2016	TRA-2016-12	[R3] Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution (LOBSTER)	Critical	CVE-2016-1000031
April 20, 2016	TRA-2016-11	[R1] Oracle MySQL Enterprise Monitor Multiple Library readObject() Function Java Object Deserialization Remote Code Execution	High	CVE-2016-3461
April 19, 2016	TRA-2016-10	[R2] ManageEngine OpManager / Service Desk Multiple Vulnerabilities	High	CVE-2016-82014 CVE-2016-82015
April 19, 2016	TRA-2016-09	[R1] Oracle WebLogic ClassFilter.class ServerChannelInputStream Bypass Java Deserialization Remote Code Execution	Critical	CVE-2016-0638 CVE-2015-4829
April 15, 2016	TRA-2016-08	[R1] Cisco Unified Computing System - Multiple Vulnerabilities	Medium	CVE-2016-1339 CVE-2016-1340
April 13, 2016	TRA-2016-07	[R1] Microsoft Windows 10 lsass.exe Empty SID Lookup Handling Remote DoS	Medium	CVE-2016-0135
April 5, 2016	TRA-2016-06	[R1] Cisco Multiple Routers Fragmented IKEv2 Packet Handling Remote Integer Overflow	High	CVE-2016-1344
March 29, 2016	TRA-2016-05	[R1] Barco ClickShare Multiple Script Remote Command Execution	High	CVE-2015-6532 CVE-2015-6533
March 28, 2016	TRA-2016-04	[R2] Cisco IOS Smart Install Client Feature Config / Boot Image File List Upload Remote Code Execution	High	CVE-2015-6264 CVE-2016-1349
March 24, 2016	TRA-2016-03	[R1] Microsoft Windows DNS Server dns.exe answerIQuery() Function Remote Buffer Overflow	Medium	CVE-2016-82007
March 14, 2016	TRA-2016-02	[R1] HP Operations Manager i flex-messaging-core.jar XML External Entity (XXE) Injection Remote Information Disclosure	Medium	CVE-2015-3269
February 17, 2016	TRA-2016-01	[R1] ManageEngine AssetExplorer /workorder/FileDownload.jsp fName Parameter Traversal Remote File Disclosure	Medium	CVE-2016-82002
December 14, 2015	TRA-2015-07	[R1] ManageEngine Desktop Central /statusUpdate fileName Parameter Traversal Multiple Extension File Upload Remote Code Execution	Critical	CVE-2015-82001
November 30, 2015	TRA-2014-04	[R1] NetMotion Mobility VPN nmdrv.sys TCP Connection Termination Handling Remote DoS	High	CVE-2014-82000
November 30, 2015	TRA-2015-06	[R1] HP Client Automation / Accelerite Endpoint Management Core Server HPCA Management Agent (nvdkit.exe) Cleartext Credentials MiTM Disclosure	Low	CVE-2015-82000
November 24, 2015	TRA-2015-05	[R1] FreeSWITCH parse_string() Function Multiple Vector Remote Heap Buffer Overflow	Critical	CVE-2015-8311
October 21, 2015	TRA-2015-04	[R1] NTP Autokey Functionality Multiple Remote DoS	High	CVE-2015-7691 CVE-2015-7692 CVE-2015-7701
October 15, 2015	TRA-2015-03	[R1] 3S CODESYS PLCWinNT Runtime Service NULL Pointer Dereference Remote DoS	High	CVE-2015-6482
September 15, 2015	TRA-2015-02	[R2] Palo Alto Networks Panorama VM Appliance PAN-OS Firmware Signature Verification Bypass Arbitrary Code Execution	High	CVE-2015-6531
August 24, 2015	TRA-2015-01	[R1] Microsoft Windows SMB v1 Service Principal Name Handling Remote Buffer Overflow	High	CVE-2015-2474
May 14, 2014	TRA-2014-01	Juniper Junos Space MySQL Server Unspecified Hardcoded Credentials	High	CVE-2014-3413
February 28, 2014	TRA-2014-02	Novell ZENworks Configuration Management (ZCM) PreBoot Service (novell-pbserv.exe) Remote Path Traversal File Access	High	CVE-2013-3706
January 30, 2014	TRA-2014-03	3S CoDeSys Runtime Toolkit Unspecified NULL Pointer Dereference Remote DoS	High	CVE-2014-0757
November 12, 2013	TRA-2013-08	Adobe ColdFusion CFIDE Directory Unspecified Reflected XSS	Medium	CVE-2013-5326
September 3, 2013	TRA-2013-07	[R1] Cisco Prime Network Control System (NCS) / Wireless Control System (WCS) login.jsp requestUrl Parameter Reflected XSS	Medium	CVE-2012-5990
July 24, 2013	TRA-2013-06	HP LoadRunner XDR-encoded Data Handling Remote Buffer Overflow	High	CVE-2013-4799
July 24, 2013	TRA-2013-05	HP LoadRunner magentproc.exe SSL Connection Handling Buffer Overflow Remote Code Execution	High	CVE-2013-4800
May 22, 2013	TRA-2013-10	3S CoDeSys Gateway Unspecified Use-after-free Arbitrary Code Execution	Critical	CVE-2013-2781
May 14, 2013	TRA-2013-04	Adobe ColdFusion Unspecified Remote Code Execution	Critical	CVE-2013-1389
April 19, 2013	TRA-2013-09	[R1] IBM InfoSphere Products /rdweb/getUsers.do Remote Account Information Remote Disclosure	Medium	CVE-2013-0584
March 27, 2013	TRA-2013-03	Cisco IOS Smart Install Client Feature Malformed Config / Boot Image File Upload Remote Code Execution	Critical	CVE-2013-1146
January 23, 2013	TRA-2013-02	[R1] WebYaST /host Configuration Path Handling Unauthenticated Host List Manipulation	Medium	CVE-2012-0435
January 9, 2013	TRA-2013-01	Dell OpenManage Server Administrator /help/sm/en/Output/wwhelp/wwhimpl/js/html/index_main.htm topic Parameter DOM-based XSS	Medium	CVE-2012-6272
August 29, 2012	TRA-2012-18	Novell File Reporter NFRAgent.exe VOL Element Tag Parsing Remote Overflow	High
August 22, 2012	TRA-2012-17	[R1] McAfee Email and Web Security / Email Gateway Multiple Vulnerabilities	Critical	CVE-2012-4595 CVE-2012-4596 CVE-2012-4597
July 20, 2012	TRA-2012-16	[R1] Symantec Web Gateway (SWG) Multiple Vulnerabilities #2	Critical	CVE-2012-2953 CVE-2012-2957 CVE-2012-2961 CVE-2012-2977
June 10, 2012	TRA-2012-05	Rocket U2 UniData unidata72 RPC Interface Call Parsing Arbitrary Command Execution	Critical
May 19, 2012	TRA-2012-04	[R1] Symantec LiveUpdate Administrator Installation Directory Permission Weakness Local Privilege Escalation	High	CVE-2012-0304
May 17, 2012	TRA-2012-03	[R1] Symantec Web Gateway (SWG) Multiple Vulnerabilities #1	Critical	CVE-2012-0297 CVE-2012-0298 CVE-2012-0299 CVE-2012-0296
May 9, 2012	TRA-2012-02	Apple Mac OS X SRP-Based Authentication Credential Verification Time Capsule Credential Information Disclosure	Medium	CVE-2012-0675
May 3, 2012	TRA-2012-19	[R1] CiscoWorks Prime LAN Management Solution (LMS) Autologin.jsp URL Parameter HTTP Header Response Splitting	Medium	CVE-2011-4237
January 10, 2012	TRA-2012-01	PHP Timezone Functionality php_date_parse_tzfile Cache strtotime Function Call Saturation Remote DoS	Medium	CVE-2012-0789
November 11, 2011	TRA-2011-12	HP StorageWorks P4000 Virtual SAN Appliance Software Management Service Authentication Bypass Remote Command Execution	High	CVE-2012-4361 CVE-2012-2986
November 3, 2011	TRA-2011-09	[R1] Dell KACE K2000 System Deployment Appliance Task Processor Database Write Access Remote Privilege Escalation	High	CVE-2011-4047
November 3, 2011	TRA-2011-08	[R1] Dell KACE K2000 System Deployment Appliance Read-Only Account Default Credentials Remote Information Disclosure	Medium	CVE-2011-4048
November 3, 2011	TRA-2011-10	[R1] Dell KACE K2000 System Deployment Appliance Multiple Reflected XSS	Medium	CVE-2011-4436
November 3, 2011	TRA-2011-11	[R2] Dell KACE K2000 System Deployment Appliance Backdoor Admin Account	Critical	CVE-2011-4046
October 11, 2011	TRA-2011-07	[R1] Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities	Medium	CVE-2011-1895 CVE-2011-1896 CVE-2011-1897
August 8, 2011	TRA-2011-06	[R2] HP OpenView Performance Insight sendEmail.jsp bgcolor Parameter Reflected XSS	Medium	CVE-2011-2410
July 19, 2011	TRA-2011-05	[R1] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution	Critical	CVE-2011-2261
May 31, 2011	TRA-2011-04	[R1] IBM Tivoli Management Framework Endpoint lcfd.exe opts Field Handling Remote Buffer Overflow	High	CVE-2011-1220
April 26, 2011	TRA-2011-03	IBM solidDB rpc_test_svc Commands Handling NULL Dereference Remote DoS	High	CVE-2011-1208
April 1, 2011	TRA-2011-02	IBM solidDB Password Hash Verification Bypass Remote Code Execution	High	CVE-2011-1560
February 8, 2011	TRA-2011-01	[R1] Adobe ColdFusion Administrator Console login.cfm URI Handling Reflected XSS	Medium	CVE-2011-0580
December 15, 2010	TRA-2010-05	HP Power Manager Management Server Login Form URL Parameter Buffer Overflow	High	CVE-2010-4113
November 6, 2010	TRA-2010-04	[R1] FreeNAS exec_raw.php cmd Parameter Remote Command Execution	Critical
October 13, 2010	TRA-2010-03	[R1] HP Multiple Products switchFWInstallStatus.jsp logfile Parameter Arbitrary File Access	High	CVE-2010-3286 CVE-2010-3986 CVE-2010-4100 CVE-2010-4103 CVE-2010-4102
September 8, 2010	TRA-2010-02	[R1] phpMyAdmin Setup Script setup/frames/index.inc.php Verbose Server Name Stored XSS	Medium	CVE-2010-3263
May 5, 2010	TRA-2010-01	HP Mercury LoadRunner Agent magentproc.exe Remote Arbitrary Code Execution	Critical	CVE-2010-1549
December 16, 2009	TRA-2009-04	HP Storage OpenView Data Protector Backup Client Service MSG_PROTOCOL Command Remote Overflow	Critical	CVE-2007-2280
November 10, 2009	TRA-2009-03	Movable Type /mt/mt-check.cgi System Information Disclosure	Medium
April 14, 2009	TRA-2009-02	[R1] phpMyAdmin < 3.1.3.2 Multiple Vulnerabilities	Critical	CVE-2009-1285
March 19, 2009	TRA-2009-01	Adobe Acrobat getIcon() Function PDF Handling Overflow	High	CVE-2009-0927
August 14, 2008	TRA-2008-01	Symantec Veritas Storage Foundation Scheduler Service (VxSchedService.exe) NULL NTLMSSP Authentication Bypass	Critical	CVE-2008-3703
December 14, 2007	TRA-2007-12	HP-UX Software Distributor (SD) swagentd sw_rpc_agent_init Function Crafted DCE RPC Request Remote Overflow	Critical	CVE-2007-6195
December 11, 2007	TRA-2007-11	Microsoft Windows Message Queuing MSMQ Message Handling Arbitrary Code Execution	High	CVE-2007-3039
December 7, 2007	TRA-2007-10	Novell NetMail AntiVirus Agent (avirus.exe) Unspecified ASCII Iinteger Handling Remote Overflow	Medium	CVE-2007-6302
December 6, 2007	TRA-2007-09	HP OpenView Network Node Manager (OV NNM) Multiple Remote Overflow	Critical	CVE-2007-6204
October 10, 2007	TRA-2007-08	CA BrightStor ARCServe Backup Message Engine RPC Service Arbitrary Code Execution	Critical	CVE-2007-5328
September 4, 2007	TRA-2007-07	MIT Kerberos 5 RPCSEC_GSS RPC Library (librpcsecgss) lib/rpc/svc_auth_gss.c svcauth_gss_validate Function Remote Overflow	Critical	CVE-2007-3999
August 20, 2007	TRA-2007-06	EMC NetWorker Remote Exec Service (nsrexecd.exe) Remote Overflow	High	CVE-2007-3618
July 25, 2007	TRA-2007-05	BakBone NetVault Reporter Manager Scheduler Client Multiple Remote Overflow	Critical	CVE-2007-3911
July 20, 2007	TRA-2007-04	Panda AdminSecure Agent Crafted Packet Remote Overflow	High	CVE-2007-3026
May 9, 2007	TRA-2007-03	CA Multiple Products inoweb Console Server Authentication Remote Overflow	Critical	CVE-2007-2522
April 24, 2007	TRA-2007-02	CA BrightStor ARCserve Backup Media Server SUN RPC Service Remote Overflows	Critical	CVE-2007-2139
April 18, 2007	TRA-2007-01	Novell GroupWise WebAccess GWINTER.exe Basic Authentication Base64 Decoding Overflow	Critical	CVE-2007-2171
July 11, 2006	TRA-2006-01	Microsoft Windows Server Service SRV.SYS Crafted Request SMB Information Disclosure	Medium	CVE-2006-1315

Accurately identify, investigate and prioritize vulnerabilities. Managed in the Cloud.

Accurately identify, investigate and prioritize vulnerabilities. Managed On-Prem.

The #1 vulnerability assessment solution.

Security integrated into DevOps. Protect containers in development and operations.

Streamline verification of adherence with PCI Data Security Standard.

Automated web application scanning. For modern and traditional web frameworks.

Accurately identify, investigate and prioritize vulnerabilities. For critical infrastructure and operational technology.

Business Solutions

Industry Solutions

Compliance Solutions

Support and Services

Quick Links

About Us

News and Events

Partner Information

Find A Partner

Explore Cyber Exposure

Research Reports

Tenable Research Advisories

Find a vulnerability in a Tenable product?

Learn More about Industrial Security

Accurately identify, investigate and prioritize vulnerabilities. Managed in the Cloud.

Accurately identify, investigate and prioritize vulnerabilities. Managed On-Prem.

The #1 vulnerability assessment solution.

Security integrated into DevOps. Protect containers in development and operations.

Streamline verification of adherence with PCI Data Security Standard.

Automated web application scanning. For modern and traditional web frameworks.

Accurately identify, investigate and prioritize vulnerabilities. For critical infrastructure and operational technology.

Tenable Research Advisories

Find a vulnerability in a Tenable product?

Try Tenable.io

Buy Tenable.io

Thank You

Try Nessus Professional Free

Buy Nessus Professional

Try Tenable.io Web Application Scanning

Buy Tenable.io Web Application Scanning

Thank You

Try Tenable.io Container Security

Buy Tenable.io Container Security

Thank You

Learn More about Industrial Security