Filtered by vendor Tenable
Subscriptions
Total
141 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-11046 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-09-16 | 3.7 Low |
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. | ||||
CVE-2018-1154 | 1 Tenable | 1 Securitycenter | 2024-09-16 | N/A |
In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue. | ||||
CVE-2019-11045 | 7 Canonical, Debian, Fedoraproject and 4 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-09-16 | 3.7 Low |
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. | ||||
CVE-2020-7063 | 5 Debian, Opensuse, Php and 2 more | 6 Debian Linux, Leap, Php and 3 more | 2024-09-16 | 5.5 Medium |
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. | ||||
CVE-2020-7070 | 8 Canonical, Debian, Fedoraproject and 5 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-09-16 | 4.3 Medium |
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. | ||||
CVE-2023-5623 | 1 Tenable | 1 Nessus Network Monitor | 2024-09-09 | 7 High |
NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location | ||||
CVE-2023-5624 | 1 Tenable | 1 Nessus Network Monitor | 2024-09-09 | 7.2 High |
Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection. | ||||
CVE-2023-5847 | 3 Linux, Microsoft, Tenable | 4 Linux Kernel, Windows, Nessus and 1 more | 2024-09-05 | 6.7 Medium |
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. | ||||
CVE-2024-1891 | 1 Tenable | 1 Security Center | 2024-08-23 | 3.5 Low |
A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page. | ||||
CVE-2014-7280 | 1 Tenable | 1 Web Ui | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header. | ||||
CVE-2014-4980 | 1 Tenable | 2 Nessus, Web Ui | 2024-08-06 | N/A |
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter. | ||||
CVE-2016-1000029 | 1 Tenable | 1 Nessus | 2024-08-06 | 4.8 Medium |
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269). | ||||
CVE-2016-1000028 | 1 Tenable | 1 Nessus | 2024-08-06 | 4.8 Medium |
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198). | ||||
CVE-2016-9261 | 1 Tenable | 1 Log Correlation Engine | 2024-08-06 | 5.4 Medium |
Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2016-9260 | 1 Tenable | 1 Nessus | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. | ||||
CVE-2016-9259 | 1 Tenable | 1 Nessus | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2016-4448 | 9 Apple, Hp, Mcafee and 6 more | 22 Icloud, Iphone Os, Itunes and 19 more | 2024-08-06 | 9.8 Critical |
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | ||||
CVE-2016-4055 | 3 Momentjs, Oracle, Tenable | 3 Moment, Primavera Unifier, Nessus | 2024-08-06 | 6.5 Medium |
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." | ||||
CVE-2017-18214 | 3 Momentjs, Redhat, Tenable | 3 Moment, Jboss Enterprise Application Platform, Nessus | 2024-08-05 | 7.5 High |
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | ||||
CVE-2017-7850 | 1 Tenable | 1 Nessus | 2024-08-05 | N/A |
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. |