Tenable.sc Security Vulnerabilities and Issues — Tenable.sc CVE List

Lucene search

TenableTenable.sc

10 matches found

CVE•added 2021/09/16 3:15 p.m.•1869 views

CVE-2021-34798

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.5CVSS8.8AI score0.11686EPSS

CVE•added 2021/08/16 8:15 a.m.•1619 views

CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

7.5CVSS7.8AI score0.01003EPSS

CVE•added 2022/04/04 5:15 p.m.•1573 views

CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This pr...

7.5CVSS8AI score0.0068EPSS

CVE•added 2019/08/09 8:15 p.m.•713 views

CVE-2019-11042

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to informatio...

7.1CVSS7.2AI score0.0329EPSS

CVE•added 2019/08/09 8:15 p.m.•694 views

CVE-2019-11041

7.1CVSS7.2AI score0.02817EPSS

CVE•added 2020/04/27 9:15 p.m.•624 views

CVE-2020-7067

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

7.5CVSS7.5AI score0.09983EPSS

CVE•added 2021/08/24 3:15 p.m.•607 views

CVE-2021-3712

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byt...

7.4CVSS8AI score0.00814EPSS

CVE•added 2021/03/29 2:15 p.m.•563 views

CVE-2021-23358

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

7.2CVSS5.6AI score0.00968EPSS

CVE•added 2020/04/09 3:15 a.m.•409 views

CVE-2020-11655

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

7.5CVSS7.9AI score0.08565EPSS

CVE•added 2020/12/21 6:15 p.m.•42 views

CVE-2020-5808

In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.

7.5CVSS7.4AI score0.00316EPSS