Vulnerabilities (CVE)

Filtered by vendor Tenable Subscribe
Filtered by product Tenable.sc
Total 46 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-23841 7 Apple, Debian, Netapp and 4 more 23 Ipados, Iphone Os, Macos and 20 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
CVE-2021-23358 4 Debian, Fedoraproject, Tenable and 1 more 4 Debian Linux, Fedora, Tenable.sc and 1 more 2024-11-21 6.5 MEDIUM 3.3 LOW
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
CVE-2021-21707 4 Debian, Netapp, Php and 1 more 4 Debian Linux, Clustered Data Ontap, Php and 1 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
CVE-2021-20076 1 Tenable 1 Tenable.sc 2024-11-21 6.5 MEDIUM 8.8 HIGH
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.
CVE-2020-7070 7 Canonical, Debian, Fedoraproject and 4 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-11-21 5.0 MEDIUM 4.3 MEDIUM
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
CVE-2020-7069 8 Canonical, Debian, Fedoraproject and 5 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2024-11-21 6.4 MEDIUM 5.4 MEDIUM
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
CVE-2020-7068 3 Debian, Php, Tenable 3 Debian Linux, Php, Tenable.sc 2024-11-21 3.3 LOW 4.8 MEDIUM
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
CVE-2020-7067 4 Debian, Oracle, Php and 1 more 4 Debian Linux, Communications Diameter Signaling Router, Php and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
CVE-2020-7066 4 Debian, Opensuse, Php and 1 more 4 Debian Linux, Leap, Php and 1 more 2024-11-21 4.3 MEDIUM 5.3 MEDIUM
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.
CVE-2020-7065 4 Canonical, Debian, Php and 1 more 4 Ubuntu Linux, Debian Linux, Php and 1 more 2024-11-21 6.8 MEDIUM 7.4 HIGH
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
CVE-2020-7064 5 Canonical, Debian, Opensuse and 2 more 5 Ubuntu Linux, Debian Linux, Leap and 2 more 2024-11-21 5.8 MEDIUM 6.5 MEDIUM
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
CVE-2020-7063 4 Debian, Opensuse, Php and 1 more 4 Debian Linux, Leap, Php and 1 more 2024-11-21 5.0 MEDIUM 5.5 MEDIUM
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
CVE-2020-7061 3 Microsoft, Php, Tenable 3 Windows, Php, Tenable.sc 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
CVE-2020-7060 5 Debian, Opensuse, Oracle and 2 more 5 Debian Linux, Leap, Communications Diameter Signaling Router and 2 more 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2020-7059 5 Debian, Opensuse, Oracle and 2 more 5 Debian Linux, Leap, Communications Diameter Signaling Router and 2 more 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2020-5808 1 Tenable 1 Tenable.sc 2024-11-21 5.0 MEDIUM 7.5 HIGH
In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.
CVE-2020-5737 1 Tenable 1 Tenable.sc 2024-11-21 3.5 LOW 5.4 MEDIUM
Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue.
CVE-2020-11656 5 Netapp, Oracle, Siemens and 2 more 12 Ontap Select Deploy Administration Utility, Communications Messaging Server, Communications Network Charging And Control and 9 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVE-2020-11655 7 Canonical, Debian, Netapp and 4 more 18 Ubuntu Linux, Debian Linux, Ontap Select Deploy Administration Utility and 15 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2019-8331 4 F5, Getbootstrap, Redhat and 1 more 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.