Tenable Blog

CVE-2017-9841: Drupal Sites Exploited Using PHPUnit Vulnerability in Mailchimp Modules (PSA-2019-0904)

by Satnam Narang on September 5, 2019

Attackers are leveraging a vulnerability patched nearly three years ago to target Drupal sites.

Background

On September 4, Drupal published PSA-2019-09-04, a public service announcement (PSA) for a vulnerability in a third-party library in a Drupal module that’s being actively exploited in the wild.

CVE-2019-12643: Critical Authentication Bypass Vulnerability in REST API Container for Cisco IOS XE

by Satnam Narang on August 29, 2019

Cisco releases ten advisories, including one critical advisory impacting Cisco IOS XE devices with the REST API Container enabled.

CVE-2018-13379, CVE-2019-11510: FortiGate and Pulse Connect Secure Vulnerabilities Exploited In the Wild

by Satnam Narang on August 27, 2019

Attackers are exploiting arbitrary file disclosure vulnerabilities in popular SSL VPNs from Fortinet and PulseSecure.

Critical Cisco Vulnerabilities Across Multiple Products, Exploit Code for CVE-2019-1913 Reportedly Released

by Satnam Narang on August 22, 2019

Cisco published new advisories for Integrated Management Controller (IMC) and Unified Computing System (UCS) Director, and updates for Small Business 220 Series Smart Switches that include the existence of public exploit code.

Background

On August 21, Cisco published 27 new advisories and updated six advisories across a variety of its products.

How To: Run Your First Vulnerability Scan with Nessus

by Team Tenable on August 22, 2019

Get your Nessus vulnerability assessment tool up and running with these five easy steps.

With Nessus, you can gain full visibility into your network by conducting a vulnerability assessment. Read on as we guide you through the five steps to run your first Nessus scan. (If you have not yet installed Nessus, please click here to see the installation guide.)

CVE-2019-11510: Proof of Concept Available for Arbitrary File Disclosure in Pulse Connect Secure

by Scott Caveza on August 21, 2019

A proof of concept has been made public for CVE-2019-11510, an arbitrary file disclosure vulnerability found in popular virtual private network software, Pulse Connect Secure.

How Emerson Uses Tenable.io to Find and Fix Vulnerabilities

by Team Tenable on August 21, 2019

Emerson’s solutions are used in manufacturing, industrial, commercial and residential environments. Learn how Tenable.io became a staple for the application and product security testing team.

Apple iPhone and iPad Devices Vulnerable After Reintroduction of SockPuppet Flaw in iOS 12.4 (CVE-2019-8605)

by Satnam Narang on August 20, 2019

Previously disclosed and patched flaw was reintroduced in iOS 12.4, which could be used in combination with a separate vulnerability to hack into Apple mobile devices.

Update: Apple released iOS 12.4.1 on August 26 to address the reintroduction of the SockPuppet vulnerability.

CVE-2019-15107: Exploit Modules Available for Remote Code Execution Vulnerability in Webmin

by Ryan Seguin on August 19, 2019

The popular Linux/UNIX systems management tool has more than 3 million downloads per year and the vulnerability has been present for at least a year, putting many virtual UNIX management systems at risk.

Multiple Denial of Service (DoS) Vulnerabilities in HTTP/2 Disclosed (CVE-2019-9511, CVE-2019-9518)

by Satnam Narang on August 14, 2019

A variety of Denial of Service vulnerabilities were found in third-party implementations of HTTP/2.

Tenable One Exposure Management Platform

Platform categories

Platform capabilities

Cloud Exposure

Vulnerability Exposure

OT/IoT Exposure

Identity Exposure

Business needs

Industries

Compliance

Public Sector

The Tenable difference

Compare Tenable to:

Resources

Research

Tenable Assure partners

Other partner opportunities

Support

Services

Tenable Trust

About us

Media

Connect

Join us

Tenable Blog

CVE-2017-9841: Drupal Sites Exploited Using PHPUnit Vulnerability in Mailchimp Modules (PSA-2019-0904)

Background

CVE-2019-12643: Critical Authentication Bypass Vulnerability in REST API Container for Cisco IOS XE

CVE-2018-13379, CVE-2019-11510: FortiGate and Pulse Connect Secure Vulnerabilities Exploited In the Wild

Critical Cisco Vulnerabilities Across Multiple Products, Exploit Code for CVE-2019-1913 Reportedly Released

Background

How To: Run Your First Vulnerability Scan with Nessus

CVE-2019-11510: Proof of Concept Available for Arbitrary File Disclosure in Pulse Connect Secure

How Emerson Uses Tenable.io to Find and Fix Vulnerabilities

Apple iPhone and iPad Devices Vulnerable After Reintroduction of SockPuppet Flaw in iOS 12.4 (CVE-2019-8605)

CVE-2019-15107: Exploit Modules Available for Remote Code Execution Vulnerability in Webmin

Multiple Denial of Service (DoS) Vulnerabilities in HTTP/2 Disclosed (CVE-2019-9511, CVE-2019-9518)

Tenable Blog

Background

Background

Tenable Vulnerability Management

Tenable Vulnerability Management

Thank You

Tenable Vulnerability Management

Tenable Vulnerability Management

Thank you

Tenable Vulnerability Management

Tenable Vulnerability Management

Thank you

Try Tenable Web App Scanning

Buy Tenable Web App Scanning

Thank you

Request a demo of Tenable Security Center

Request a demo of Tenable OT Security

Request a demo

Request a demo of Tenable Cloud Security

See Tenable One in action

See Tenable Attack Surface Management in action

Get a demo of Tenable Enclave Security

Thank You

Try Tenable Nessus Professional free

NEW - Tenable Nessus Expert now available

Buy Tenable Nessus Professional

Try Tenable Nessus Expert free

Buy Tenable Nessus Expert

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Get a demo of Tenable Patch Management

See
Tenable One
in action

NEW - Tenable Nessus Expert
now available