Lucene search
K
TenableSecuritycenter

10 matches found

CVE
CVE
added 2019/12/23 2:40 a.m.748 views

CVE-2019-11049

CVE-2019-11049 affects PHP 7.3.x with versions below 7.3.13 and PHP 7.4.0 on Windows. The issue arises when supplying custom headers to mail() with the header in lowercase, which can cause double-free of memory locations. There are no exploitation details in the provided documents beyond this des...

9.8CVSS7.8AI score0.04218EPSS
CVE
CVE
added 2019/12/23 2:40 a.m.663 views

CVE-2019-11045

In PHP, DirectoryIterator vulnerability CVE-2019-11045 affects PHP 7.2.x < 7.2.26, 7.3.x

5.9CVSS7AI score0.08818EPSS
CVE
CVE
added 2019/12/23 2:40 a.m.657 views

CVE-2019-11050

CVE-2019-11050 concerns the PHP EXIF extension: when parsing EXIF data via exif_read_data(), PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0 allow data to read beyond the allocated buffer, leading to potential information disclosure or a crash. Connected advisories confirm the vuln...

6.5CVSS7.1AI score0.07624EPSS
CVE
CVE
added 2019/12/23 2:40 a.m.513 views

CVE-2019-11046

Summary (CVE-2019-11046) : PHP versions affected are 7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0. The vulnerability is in the bcmath extension where a string containing characters identified as numeric by the OS but not ASCII digits can cause reading beyond allocated space, potentially disc...

5.3CVSS6.4AI score0.04082EPSS
CVE
CVE
added 2019/12/23 2:40 a.m.462 views

CVE-2019-11044

The CVE-2019-11044 issue affects PHP when running on Windows, where the link() function accepts filenames with embedded null bytes and treats them as terminating at that byte. Affected PHP versions are 7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0 on Windows. The underlying cause is null-byte...

7.5CVSS6.7AI score0.05124EPSS
CVE
CVE
added 2017/11/02 5:0 p.m.64 views

CVE-2017-11508

SecurityCenter 5.5.0–5.5.2 contain a SQL Injection vulnerability exploitable by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could insert a crafted SQL query into the password field of a diagnostic scan, potentially gaining unauthorized access to the Secur...

8.8CVSS8.9AI score0.01202EPSS
CVE
CVE
added 2018/08/02 7:0 p.m.56 views

CVE-2018-1154

The CVE-2018-1154 issue affects SecurityCenter prior to version 5.7.0, where an unauthenticated attacker could enumerate username aliases by brute-forcing responses, potentially leading to unauthorized access. The issue’s root cause is a username enumeration mechanism; mitigation configured in th...

8.8CVSS8.5AI score0.00673EPSS
CVE
CVE
added 2013/09/24 10:0 a.m.55 views

CVE-2013-5911

The CVE-2013-5911 entry describes a cross-site scripting (XSS) vulnerability in Tenable SecurityCenter’s devform.php, affecting versions 4.6 through 4.7. The underlying cause is improper validation of user-supplied input to the message parameter, allowing an attacker to inject arbitrary HTML/Java...

4.3CVSS5.9AI score0.00931EPSS
CVE
CVE
added 2018/08/02 7:0 p.m.51 views

CVE-2018-1155

Tenable SecurityCenter (pre-5.7.0) is affected by an XSS vulnerability in the Reports feature: an authenticated attacker can inject JavaScript via the image filename parameter due to insufficient input validation. The issue is addressed in versions 5.7.0 and later through updated input validation...

5.4CVSS5.3AI score0.00569EPSS
CVE
CVE
added 2023/06/26 5:39 p.m.43 views

CVE-2023-2005

This CVE affects Tenable.Io, Nessus, and Tenable Security Center prior to Plugin Feed ID #202306261202. The issue enables a user with scan-target permissions to place a binary in a specific filesystem location to escalate privileges via the impacted plugin. Remediation per PT-2023-17405 recommend...

8.8CVSS8.6AI score0.00378EPSS