Twenty-five years after the launch of CVE, the Tenable Security Response Team has handpicked 25 vulnerabilities that stand out for their significance.
Background
In January 1999, David E. Mann and Steven M. Christey published the paper "Towards a Common Enumeration of Vulnerabilities" describing an effort to create interoperability between multiple vulnerability databases. To achieve a common taxonomy for vulnerabilities and exposures, they proposed Common Vulnerabilities and Exposures (CVE). In September 1999, the MITRE Corporation finalized the first CVE list, which included 321 records. CVE was revealed to the world the following month.
As of October 2024, there are over 240,000 CVEs, including many that have significantly impacted consumers, businesses and governments. The Tenable Security Response Team has chosen to highlight the following 25 significant vulnerabilities, followed by links to product coverage for Tenable customers to utilize.
CVE-2010-2568: Windows Shell Remote Code Execution Vulnerability
CVE-2014-0160: OpenSSL Information Disclosure Vulnerability
CVE-2014-6271: GNU Bash Shellshock Remote Code Execution Vulnerability
CVE-2015-5119: Adobe Flash Player Use After Free
CVE-2017-11882: Microsoft Office Equation Editor Remote Code Execution Vulnerability
CVE-2017-0144: Windows SMB Remote Code Execution Vulnerability
CVE-2017-5638: Apache Struts 2 Jakarta Multipart Parser Remote Code Execution Vulnerability
CVE-2019-0708: Remote Desktop Services Remote Code Execution Vulnerability
CVE-2020-0796: Windows SMBv3 Client/Server Remote Code Execution Vulnerability
CVE-2019-19781: Citrix ADC and Gateway Remote Code Execution Vulnerability
CVE-2019-10149: Exim Remote Command Execution Vulnerability
CVE-2020-1472: Netlogon Elevation of Privilege Vulnerability
CVE-2017-5753: CPU Speculative Execution Bounds Check Bypass Vulnerability
CVE-2017-5754: CPU Speculative Execution Rogue Data Cache Load Vulnerability
CVE-2021-36942: Windows LSA Spoofing Vulnerability
CVE-2022-30190: Microsoft Windows Support Diagnostic Tool Remote Code Execution
CVE-2021-44228: Apache Log4j Remote Code Execution Vulnerability
CVE-2021-26855: Microsoft Exchange Server Server-Side Request Forgery Vulnerability
CVE-2021-34527: Microsoft Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-27101: Accellion File Transfer Appliance (FTA) SQL Injection Vulnerability
CVE-2023-34362: Progress Software MOVEit Transfer SQL Injection Vulnerability
CVE-2023-4966: Citrix NetScaler and ADC Gateway Sensitive Information Disclosure Vulnerability
CVE-2023-2868: Barracuda Email Security Gateway (ESG) Remote Command Injection Vulnerability
CVE-2024-3094: XZ Utils Embedded Malicious Code Vulnerability
Identifying affected systems
A list of Tenable plugins for these vulnerabilities can be found on the individual CVE pages: