Tenable Tenable.sc

6 matches found

CVE
Added 2021/12/20 12:15 p.m. • 2485 views

CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forger...

CVSS 8.2 | AI score 8.7 | EPSS 0.11965

CVE
Added 2020/04/01 4:15 a.m. • 968 views

CVE-2020-7065

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.

CVSS 8.8 | AI score 8.2 | EPSS 0.05019

CVE
Added 2022/04/13 9:15 p.m. • 157 views

CVE-2022-24828

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where th...

CVSS 8.8 | AI score 8.7 | EPSS 0.00216

CVE
Added 2022/01/14 8:15 p.m. • 66 views

CVE-2022-0130

Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc...

CVSS 8.1 | AI score 8.5 | EPSS 0.01943

CVE
Added 2021/03/03 5:15 p.m. • 52 views

CVE-2021-20076

Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.

CVSS 8.8 | AI score 8.9 | EPSS 0.03466

CVE
Added 2023/02/01 3:15 a.m. • 48 views

CVE-2023-0524

As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue an...

CVSS 8.8 | AI score 8.9 | EPSS 0.0014