Tenable.sc Security Vulnerabilities and Issues — Tenable.sc CVE List

Lucene search

TenableTenable.sc

11 matches found

CVE•added 2021/12/20 12:15 p.m.•6732 views

CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earl...

9.8CVSS9.9AI score0.85858EPSS

CVE•added 2021/09/16 3:15 p.m.•4441 views

CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

9CVSS9.5AI score0.94432EPSS

CVE•added 2019/10/28 3:15 p.m.•4110 views

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

9.8CVSS9.6AI score0.94114EPSS

CVE•added 2020/02/10 8:15 a.m.•661 views

CVE-2020-7059

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.

9.1CVSS7.6AI score0.01881EPSS

CVE•added 2021/08/24 3:15 p.m.•630 views

CVE-2021-3711

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size req...

9.8CVSS9.9AI score0.02876EPSS

CVE•added 2020/02/10 8:15 a.m.•619 views

CVE-2020-7060

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclos...

9.1CVSS7.6AI score0.06404EPSS

CVE•added 2020/02/27 9:15 p.m.•494 views

CVE-2020-7061

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.

9.1CVSS7.4AI score0.02056EPSS

CVE•added 2020/04/09 3:15 a.m.•340 views

CVE-2020-11656

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

9.8CVSS9.1AI score0.0847EPSS

CVE•added 2019/12/20 11:15 p.m.•258 views

CVE-2019-19919

Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted payloads.

9.8CVSS9.6AI score0.24752EPSS

CVE•added 2019/12/09 7:15 p.m.•194 views

CVE-2019-19646

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

9.8CVSS9.3AI score0.2153EPSS

CVE•added 2021/10/05 6:15 p.m.•113 views

CVE-2021-41116

Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in co...

9.8CVSS9.2AI score0.00828EPSS