Tenable Blog

CVE-2019-10149: Critical Remote Command Execution Vulnerability Discovered In Exim

by Satnam Narang on June 6, 2019

Researchers discover critical remote command execution vulnerability in older versions of Exim. Over 4.1 million systems are potentially vulnerable to local exploitation and remote exploitation is possible in non-default configurations.

GovEdge 2019: Five Things You Need to Know About Tenable’s Public Sector User Conference

by Team Tenable on May 31, 2019

At Tenable’s GovEdge 2019 public sector user conference, June 4-5 in Washington, D.C., you’ll learn how to make the most of your Tenable deployment and gain valuable Cyber Exposure best practices — all while networking with your peers, our experts and an entire ecosystem of partners. Here’s what you can expect.

SandboxEscaper: Local Privilege Escalation Bugs Including Four Zero-Day Vulnerabilities Disclosed

by Satnam Narang on May 23, 2019

Five vulnerabilities, including four zero-day vulnerabilities, have been disclosed in Windows Task Scheduler, Windows Error Reporting, Internet Explorer 11, Microsoft Edge and Windows Installer, which could be used by attackers to elevate privileges.

Stop the Presses: Media Coverage as a Prioritization Metric for Vulnerability Management

by Claire Tills on May 22, 2019

We wondered whether mainstream media coverage of vulnerabilities changed how companies perform vulnerability management. So we asked them. Here’s what we learned.

In technical circles, vulnerabilities have always been news. More often now though, vulnerabilities are mainstream news. They are regularly covered in business outlets read by company leaders who may not otherwise get involved in the nitty gritty of vulnerability management.

Slack Patches Download Hijack Vulnerability in Windows Desktop App

by Tenable Research on May 17, 2019

Tenable Researcher David Wells discovered a vulnerability in Slack Desktop for Windows that could have allowed an attacker to alter where files downloaded within Slack are stored. Tenable worked with Slack via HackerOne based on our coordinated disclosure policy and Slack has since released a new version of its Windows desktop client to address this vulnerability. Users should ensure their Slack desktop application is up to date.

Microarchitectural Data Sampling: Speculative Execution Side-Channel Vulnerabilities Found in Intel CPUs

by Satnam Narang on May 15, 2019

Researchers disclose speculative execution side-channel attacks named ZombieLoad, RIDL and Fallout in Intel Central Processing Units (CPUs).

Nessus Home Is Now Nessus Essentials

by Lindsay Schwartz on May 15, 2019

We’ve given Nessus Home a refresh, and we’re excited to share with you the new and updated free vulnerability assessment solution, Nessus Essentials.

As part of the Nessus family, Nessus Essentials is a free vulnerability assessment solution for up to 16 IPs that provides an entry point into the Tenable ecosystem.

Critical 'BlueKeep' Vulnerability CVE-2019-0708 Addressed in Patch Tuesday Updates

by Ryan Seguin on May 14, 2019

Microsoft has released its May 2019 Security Updates, which includes a fix for BlueKeep (CVE-2019-0708), a critical remote code execution vulnerability affecting the Remote Desktop Service.

Thrangrycat: Vulnerabilities in Cisco Secure Boot and Cisco IOS XE (CVE-2019-1649, CVE-2019-1862)

by Satnam Narang on May 14, 2019

Researchers identify vulnerabilities in Cisco Secure Boot process and Cisco IOS XE devices that could reportedly be chained together for significant impact.

CVE-2019-5021: Hard-Coded NULL root Password Found in Alpine Linux Docker Images

by Ryan Seguin on May 9, 2019

A Hard-Coded NULL root user password vulnerability was found in Alpine Linux Docker Images from December 2015’s 3.3 version onward. Users are encouraged to disable the root user, or any services that utilize the system shadow file as an authentication database.

Tenable One Exposure Management Platform

Platform categories

Platform capabilities

Cloud Exposure

Vulnerability Exposure

OT/IoT Exposure

Identity Exposure

Business needs

Industries

Compliance

Public Sector

The Tenable difference

Compare Tenable to:

Resources

Research

Tenable Assure partners

Other partner opportunities

Support

Services

Tenable Trust

About us

Media

Connect

Join us

Tenable Blog

CVE-2019-10149: Critical Remote Command Execution Vulnerability Discovered In Exim

GovEdge 2019: Five Things You Need to Know About Tenable’s Public Sector User Conference

SandboxEscaper: Local Privilege Escalation Bugs Including Four Zero-Day Vulnerabilities Disclosed

Stop the Presses: Media Coverage as a Prioritization Metric for Vulnerability Management

Slack Patches Download Hijack Vulnerability in Windows Desktop App

Microarchitectural Data Sampling: Speculative Execution Side-Channel Vulnerabilities Found in Intel CPUs

Nessus Home Is Now Nessus Essentials

Critical 'BlueKeep' Vulnerability CVE-2019-0708 Addressed in Patch Tuesday Updates

Thrangrycat: Vulnerabilities in Cisco Secure Boot and Cisco IOS XE (CVE-2019-1649, CVE-2019-1862)

CVE-2019-5021: Hard-Coded NULL root Password Found in Alpine Linux Docker Images

Tenable Blog

Tenable Vulnerability Management

Tenable Vulnerability Management

Thank You

Tenable Vulnerability Management

Tenable Vulnerability Management

Thank you

Tenable Vulnerability Management

Tenable Vulnerability Management

Thank you

Try Tenable Web App Scanning

Buy Tenable Web App Scanning

Thank you

Request a demo of Tenable Security Center

Request a demo of Tenable OT Security

Request a demo

Request a demo of Tenable Cloud Security

See Tenable One in action

See Tenable Attack Surface Management in action

Get a demo of Tenable Enclave Security

Thank You

Try Tenable Nessus Professional free

NEW - Tenable Nessus Expert now available

Buy Tenable Nessus Professional

Try Tenable Nessus Expert free

Buy Tenable Nessus Expert

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Get a demo of Tenable Patch Management

See
Tenable One
in action

NEW - Tenable Nessus Expert
now available