MidnightBSD

Advisories for tenable

CVE-2013-5911 MEDIUM

Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable securitycenter 4.6
tenable securitycenter 4.7
CVE-2014-2848 MEDIUM

A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
tenable nessus 5.2.1
tenable plugin-set *
CVE-2014-4980 MEDIUM

The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
tenable nessus 5.2.5
tenable nessus 5.2.3
tenable nessus 5.2.6
tenable nessus 5.2.7
tenable web_ui *
tenable nessus 5.2.4
CVE-2014-7280 MEDIUM

Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable web_ui *
CVE-2016-1000028 LOW

Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2016-1000029 LOW

Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2016-4055 HIGH

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
tenable nessus *
momentjs moment *
oracle primavera_unifier *
CVE-2016-4448 HIGH

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_eus 7.4
apple watchos *
slackware slackware_linux 14.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 7.0
hp icewall_federation_agent 3.0
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
oracle linux 6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_tus 7.2
mcafee web_gateway *
xmlsoft libxml2 *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 7.5
apple mac_os_x *
apple tvos *
redhat enterprise_linux_server 7.0
apple iphone_os *
oracle linux 7
redhat enterprise_linux_desktop 6.0
tenable log_correlation_engine 4.8.0
redhat enterprise_linux_server_eus 7.6
oracle vm_server 3.3
oracle vm_server 3.4
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_aus 7.2
apple itunes *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 7.6
apple icloud *
slackware slackware_linux 14.1
CVE-2016-9259 LOW

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable nessus 6.9
tenable nessus 6.8
tenable nessus 6.8.1
tenable nessus 6.8.2
CVE-2016-9260 LOW

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2016-9261 LOW

Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable log_correlation_engine *
CVE-2017-11506 MEDIUM

When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
tenable nessus 6.10.2
tenable nessus 6.10.4
tenable nessus 6.5.6
tenable nessus 6.3.0
tenable nessus 6.10.5
tenable nessus 6.3.1
tenable nessus 6.10.0
tenable nessus 6.10.9
tenable nessus 6.1.2
tenable nessus 6.5.4
tenable nessus 6.7.0
tenable nessus 6.6.1
tenable nessus 6.9.0
tenable nessus 6.3.4
tenable nessus 6.1.1
tenable nessus 6.0.2
tenable nessus 6.6.2
tenable nessus 6.5.2
tenable nessus 6.3.2
tenable nessus 6.10.6
tenable nessus 6.8.0
tenable nessus 6.0.0
tenable nessus 6.3.5
tenable nessus 6.5.3
tenable nessus 6.10.7
tenable nessus 6.10.8
tenable nessus 6.10.1
tenable nessus 6.1.0
tenable nessus 6.3.7
tenable nessus 6.5.1
tenable nessus 6.0.1
tenable nessus 6.9.2
tenable nessus 6.3.3
tenable nessus 6.6.0
tenable nessus 6.2.1
tenable nessus 6.5.5
tenable nessus 6.2.0
tenable nessus 6.4.3
tenable nessus 6.5.0
tenable nessus 6.3.6
tenable nessus 6.4.1
tenable nessus 6.8.1
tenable nessus 6.10.3
tenable nessus 6.4.0
tenable nessus 6.9.1
tenable nessus 6.4.2
tenable nessus 6.9.3
CVE-2017-11508 MEDIUM

SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
tenable securitycenter 5.5.1
tenable securitycenter 5.5.2
tenable securitycenter 5.5.0
CVE-2017-18214 MEDIUM

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
tenable nessus *
momentjs moment *
CVE-2017-2122 LOW

Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable nessus 6.9.2
tenable nessus 6.8.0
tenable nessus 6.8.1
tenable nessus 6.9.0
tenable nessus 6.9.1
CVE-2017-5179 LOW

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2017-6543 MEDIUM

Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable nessus *
tenable appliance 4.4.0
CVE-2017-7199 HIGH

Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
tenable nessus 6.10.2
tenable nessus 6.8.0
tenable nessus 6.7
tenable nessus 6.10.1
tenable nessus 6.10.0
tenable nessus 6.9.2
tenable nessus 6.8.1
tenable nessus 6.9.0
tenable nessus 6.10.3
tenable nessus 6.9.1
tenable nessus 6.6.2
tenable nessus 6.9.3
CVE-2017-7849 LOW

Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.

CVSS 2.0

Severity: LOW

Problem Type: CWE-732,

Products Affected

Vendor Product Version
tenable nessus 6.10.2
tenable nessus 6.10.4
tenable nessus 6.10.1
tenable nessus 6.10.3
tenable nessus 6.10.0
CVE-2017-7850 HIGH

Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
tenable nessus 6.10.2
tenable nessus 6.10.4
tenable nessus 6.10.1
tenable nessus 6.10.3
tenable nessus 6.10.0
CVE-2017-8050 MEDIUM

Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable appliance *
CVE-2017-8051 HIGH

Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tenable appliance 3.10.1
tenable appliance 4.1.0
tenable appliance 3.5.1
tenable appliance 4.3.0
tenable appliance 4.4.0
tenable appliance 3.4.0
tenable appliance 4.0.0
tenable appliance 3.10.0
tenable appliance 3.5.0
tenable appliance 4.2.0
tenable appliance 4.3.1
CVE-2018-1141 MEDIUM

When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2018-1142 LOW

Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable appliance *
CVE-2018-1147 LOW

In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, XSS could also occur by altering variables from the Advanced Settings.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2018-1148 MEDIUM

In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2018-1154 LOW

In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable securitycenter *
CVE-2018-1155 LOW

In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable securitycenter *
CVE-2018-20843 HIGH

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
opensuse leap 15.1
libexpat_project libexpat *
canonical ubuntu_linux 16.04
oracle outside_in_technology 8.5.5
oracle outside_in_technology 8.5.4
oracle http_server 12.1.3.0
debian debian_linux 9.0
canonical ubuntu_linux 18.10
oracle http_server 12.2.1.4.0
fedoraproject fedora 30
opensuse leap 15.0
fedoraproject fedora 29
tenable nessus *
debian debian_linux 8.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 19.04
canonical ubuntu_linux 14.04
oracle hospitality_res_3700 *
CVE-2018-5407 LOW

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.0 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-203,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
oracle application_server 1.0.1
canonical ubuntu_linux 16.04
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 18.10
oracle enterprise_manager_base_platform 13.2.0.0.0
oracle enterprise_manager_ops_center 12.3.3
oracle peoplesoft_enterprise_peopletools 8.55
oracle primavera_p6_enterprise_project_portfolio_management 16.2
tenable nessus *
oracle primavera_p6_enterprise_project_portfolio_management 15.2
openssl openssl *
debian debian_linux 8.0
oracle application_server 1.0.0
oracle primavera_p6_enterprise_project_portfolio_management 16.1
canonical ubuntu_linux 14.04
oracle primavera_p6_enterprise_project_portfolio_management 8.4
oracle enterprise_manager_base_platform 13.3.0.0.0
oracle primavera_p6_enterprise_project_portfolio_management 18.8
redhat enterprise_linux_server 7.0
oracle primavera_p6_enterprise_project_portfolio_management 15.1
oracle peoplesoft_enterprise_peopletools 8.56
redhat enterprise_linux_server_eus 7.6
debian debian_linux 9.0
redhat enterprise_linux_server 7.6
oracle peoplesoft_enterprise_peopletools 8.57
oracle primavera_p6_enterprise_project_portfolio_management *
nodejs node.js *
oracle api_gateway 11.1.2.4.0
oracle tuxedo 12.1.1.0.0
oracle vm_virtualbox *
oracle mysql_enterprise_backup *
redhat enterprise_linux_server_aus 7.6
oracle application_server 0.9.8
redhat enterprise_linux_server_tus 7.6
oracle enterprise_manager_base_platform 12.1.0.5.0
CVE-2019-11041 MEDIUM

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
apple mac_os_x *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
opensuse leap 15.0
debian debian_linux 8.0
canonical ubuntu_linux 12.04
tenable tenable.sc *
php php *
debian debian_linux 10.0
canonical ubuntu_linux 19.04
canonical ubuntu_linux 14.04
redhat software_collections 1.0
CVE-2019-11042 MEDIUM

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
apple mac_os_x *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
opensuse leap 15.0
debian debian_linux 8.0
canonical ubuntu_linux 12.04
tenable tenable.sc *
php php *
debian debian_linux 10.0
canonical ubuntu_linux 19.04
canonical ubuntu_linux 14.04
redhat software_collections 1.0
CVE-2019-11043 HIGH

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security@php.net 8.7 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 2.2 5.8

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_for_power_little_endian_eus 7.7_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 8.8_ppc64le
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
fedoraproject fedora 30
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_for_arm_64_eus 8.4_aarch64
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
redhat enterprise_linux_server 7.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.4_s390x
redhat enterprise_linux_for_arm_64_eus 8.2_aarch64
redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x
redhat enterprise_linux_for_power_little_endian_eus 8.1_ppc64le
redhat enterprise_linux 8.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.2_s390x
fedoraproject fedora 29
redhat enterprise_linux_for_ibm_z_systems_eus 8.6_s390x
redhat enterprise_linux_eus 8.1
canonical ubuntu_linux 12.04
tenable tenable.sc *
php php *
redhat enterprise_linux_for_arm_64_eus 8.1_aarch64
redhat software_collections 1.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.4_ppc64le
canonical ubuntu_linux 18.04
redhat enterprise_linux_for_ibm_z_systems_eus 7.7_s390x
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
canonical ubuntu_linux 16.04
fedoraproject fedora 31
redhat enterprise_linux_for_power_little_endian 7.0_ppc64le
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_for_ibm_z_systems 7.0_s390x
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
canonical ubuntu_linux 19.04
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 8.8
redhat enterprise_linux_for_power_little_endian_eus 8.6_ppc64le
redhat enterprise_linux_eus 7.7
debian debian_linux 9.0
redhat enterprise_linux_eus_compute_node 7.7
redhat enterprise_linux_for_arm_64_eus 8.6_aarch64
redhat enterprise_linux_eus 8.8
redhat enterprise_linux_for_arm_64 8.0_aarch64
redhat enterprise_linux_for_arm_64_eus 8.8_aarch64
redhat enterprise_linux_for_ibm_z_systems_eus 8.1_s390x
redhat enterprise_linux_server_tus 8.2
debian debian_linux 10.0
redhat enterprise_linux_for_ibm_z_systems 6.0_s390x
canonical ubuntu_linux 19.10
redhat enterprise_linux_for_power_little_endian_eus 8.2_ppc64le
CVE-2019-11044 MEDIUM

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-170,NVD-CWE-Other,

Products Affected

Vendor Product Version
php php 7.4.0
tenable securitycenter *
fedoraproject fedora 31
php php *
fedoraproject fedora 30
CVE-2019-11045 MEDIUM

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-170,CWE-74,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
opensuse leap 15.1
php php 7.4.0
canonical ubuntu_linux 16.04
fedoraproject fedora 31
debian debian_linux 9.0
fedoraproject fedora 30
tenable securitycenter *
debian debian_linux 8.0
canonical ubuntu_linux 12.04
php php *
debian debian_linux 10.0
canonical ubuntu_linux 19.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 19.10
CVE-2019-11046 MEDIUM

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
opensuse leap 15.1
php php 7.4.0
canonical ubuntu_linux 16.04
fedoraproject fedora 31
debian debian_linux 9.0
fedoraproject fedora 30
tenable securitycenter *
debian debian_linux 8.0
canonical ubuntu_linux 12.04
php php *
debian debian_linux 10.0
canonical ubuntu_linux 19.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 19.10
CVE-2019-11049 HIGH

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,CWE-415,

Products Affected

Vendor Product Version
php php 7.4.0
tenable securitycenter *
fedoraproject fedora 31
php php *
debian debian_linux 10.0
fedoraproject fedora 30
CVE-2019-11050 MEDIUM

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
opensuse leap 15.1
php php 7.4.0
canonical ubuntu_linux 16.04
fedoraproject fedora 31
debian debian_linux 9.0
fedoraproject fedora 30
tenable securitycenter *
debian debian_linux 8.0
canonical ubuntu_linux 12.04
php php *
debian debian_linux 10.0
canonical ubuntu_linux 19.04
canonical ubuntu_linux 14.04
CVE-2019-1551 MEDIUM

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
opensuse leap 15.1
canonical ubuntu_linux 16.04
fedoraproject fedora 31
oracle peoplesoft_enterprise_peopletools 8.56
oracle mysql_enterprise_monitor *
oracle peoplesoft_enterprise_peopletools 8.58
debian debian_linux 9.0
oracle peoplesoft_enterprise_peopletools 8.57
fedoraproject fedora 30
openssl openssl *
oracle enterprise_manager_ops_center 12.4.0.0
debian debian_linux 10.0
canonical ubuntu_linux 19.10
fedoraproject fedora 32
tenable log_correlation_engine *
CVE-2019-1559 MEDIUM

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 7.0
oracle enterprise_manager_base_platform 13.2.0.0.0
mcafee agent *
fedoraproject fedora 30
netapp a320_firmware -
tenable nessus *
f5 big-ip_application_security_manager *
opensuse leap 42.3
oracle enterprise_manager_base_platform 13.3.0.0.0
netapp hci_management_node -
oracle services_tools_bundle 19.2
netapp ontap_select_deploy_administration_utility -
oracle business_intelligence 12.2.1.4.0
oracle communications_session_border_controller 8.3
netapp oncommand_insight -
netapp storagegrid -
f5 big-ip_analytics *
fedoraproject fedora 29
f5 traffix_signaling_delivery_controller *
oracle communications_diameter_signaling_router 8.1
netapp steelstore_cloud_integrated_storage -
oracle mysql *
oracle communications_unified_session_manager 7.3.5
f5 big-ip_domain_name_system *
canonical ubuntu_linux 16.04
oracle jd_edwards_world_security a9.3.1
oracle mysql_enterprise_monitor *
redhat enterprise_linux_workstation 6.0
netapp c190_firmware -
oracle communications_session_border_controller 7.4
netapp storagegrid *
oracle enterprise_manager_ops_center 12.3.3
oracle peoplesoft_enterprise_peopletools 8.55
netapp snapprotect -
netapp oncommand_unified_manager -
f5 big-iq_centralized_management *
netapp hyper_converged_infrastructure -
netapp hci_compute_node -
netapp a800_firmware -
netapp oncommand_workflow_automation -
redhat enterprise_linux_desktop 6.0
netapp cloud_backup -
mcafee data_exchange_layer *
oracle communications_diameter_signaling_router 8.0.0
netapp active_iq_unified_manager -
nodejs node.js *
oracle communications_session_router 8.1
oracle jd_edwards_world_security a9.4
redhat virtualization_host 4.0
oracle communications_diameter_signaling_router 8.4
oracle secure_global_desktop 5.4
oracle enterprise_manager_base_platform 12.1.0.5.0
oracle communications_session_router 8.2
netapp element_software -
oracle communications_session_router 8.0
f5 big-ip_edge_gateway *
redhat enterprise_linux_desktop 7.0
mcafee web_gateway *
openssl openssl *
f5 big-ip_global_traffic_manager *
netapp fas2720_firmware -
f5 traffix_signaling_delivery_controller 4.4.0
netapp storage_automation_store -
netapp service_processor -
netapp snapcenter -
netapp cn1610_firmware -
oracle communications_session_border_controller 8.1.0
redhat enterprise_linux_server 7.0
oracle mysql_workbench *
netapp clustered_data_ontap_antivirus_connector -
oracle communications_diameter_signaling_router 8.3
oracle endeca_server 7.7.0
oracle business_intelligence 11.1.1.9.0
oracle peoplesoft_enterprise_peopletools 8.56
oracle business_intelligence 12.2.1.3.0
f5 big-ip_policy_enforcement_manager *
opensuse leap 15.0
oracle enterprise_manager_ops_center 12.4.0
oracle api_gateway 11.1.2.4.0
redhat virtualization 4.0
netapp fas2750_firmware -
netapp santricity_smi-s_provider -
netapp ontap_select_deploy -
oracle communications_session_border_controller 8.2
oracle jd_edwards_world_security a9.3
netapp a220_firmware -
redhat jboss_enterprise_web_server 5.0.0
canonical ubuntu_linux 18.04
fedoraproject fedora 31
netapp snapdrive -
canonical ubuntu_linux 18.10
oracle jd_edwards_enterpriseone_tools 9.2
f5 big-ip_access_policy_manager *
netapp smi-s_provider -
debian debian_linux 8.0
oracle communications_performance_intelligence_center 10.4.0.2
f5 big-ip_link_controller *
oracle communications_diameter_signaling_router 8.2
mcafee threat_intelligence_exchange_server *
netapp altavault -
f5 big-ip_webaccelerator *
paloaltonetworks pan-os *
opensuse leap 15.1
oracle communications_session_router 7.4
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
debian debian_linux 9.0
oracle peoplesoft_enterprise_peopletools 8.57
oracle communications_session_router 8.3
oracle communications_unified_session_manager 8.2.5
oracle communications_session_border_controller 8.0.0
f5 big-ip_fraud_protection_service *
netapp oncommand_unified_manager_core_package -
netapp solidfire -
f5 big-ip_local_traffic_manager *
CVE-2019-16168 MEDIUM

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
netapp steelstore_cloud_integrated_storage -
oracle mysql *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
oracle outside_in_technology 8.5.4
oracle zfs_storage_appliance 8.8
oracle solaris 11
mcafee policy_auditor *
fedoraproject fedora 30
canonical ubuntu_linux 19.04
oracle communications_design_studio 7.3.5.5.0
netapp oncommand_workflow_automation -
sqlite sqlite *
netapp ontap_select_deploy_administration_utility -
netapp santricity_unified_manager -
debian debian_linux 9.0
oracle communications_design_studio 7.3.4.3.0
netapp oncommand_insight -
oracle jre 1.8.0
oracle jdk 1.8.0
canonical ubuntu_linux 12.04
netapp e-series_santricity_os_controller *
tenable nessus_agent *
canonical ubuntu_linux 19.10
oracle communications_design_studio 7.4.0.4.0
CVE-2019-19645 LOW

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-674,

Products Affected

Vendor Product Version
oracle mysql_workbench *
netapp cloud_backup -
sqlite sqlite *
netapp ontap_select_deploy_administration_utility -
tenable tenable.sc *
siemens sinec_infrastructure_network_services *
CVE-2019-19646 HIGH

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-754,

Products Affected

Vendor Product Version
oracle mysql_workbench *
netapp cloud_backup -
sqlite sqlite *
netapp ontap_select_deploy_administration_utility -
tenable tenable.sc *
siemens sinec_infrastructure_network_services *
CVE-2019-19919 HIGH

Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1321,

Products Affected

Vendor Product Version
handlebars.js_project handlebars.js 4.0.1
handlebars.js_project handlebars.js 4.0.11
handlebars.js_project handlebars.js 1.1.1
handlebars.js_project handlebars.js 2.0.0
handlebars.js_project handlebars.js 4.0.0
handlebars.js_project handlebars.js 4.0.9
handlebars.js_project handlebars.js 4.1.1
handlebars.js_project handlebars.js 4.0.2
handlebars.js_project handlebars.js 4.0.4
handlebars.js_project handlebars.js 1.0.7
handlebars.js_project handlebars.js 1.2.1
handlebars.js_project handlebars.js 1.2.0
handlebars.js_project handlebars.js 1.0.8
handlebars.js_project handlebars.js 1.0.11
handlebars.js_project handlebars.js 3.0.7
handlebars.js_project handlebars.js 4.0.12
handlebars.js_project handlebars.js 4.0.8
handlebars.js_project handlebars.js 1.0.10
handlebars.js_project handlebars.js 4.0.14
handlebars.js_project handlebars.js 4.0.7
handlebars.js_project handlebars.js 3.0.0
handlebars.js_project handlebars.js 3.0.3
handlebars.js_project handlebars.js 4.1.0
handlebars.js_project handlebars.js 4.0.10
handlebars.js_project handlebars.js 4.0.13
handlebars.js_project handlebars.js 4.0.5
handlebars.js_project handlebars.js 3.0.4
handlebars.js_project handlebars.js 1.1.0
handlebars.js_project handlebars.js 1.1.2
handlebars.js_project handlebars.js 4.0.6
handlebars.js_project handlebars.js 1.0.9
handlebars.js_project handlebars.js 1.0.12
handlebars.js_project handlebars.js 4.2.1
handlebars.js_project handlebars.js 3.0.2
handlebars.js_project handlebars.js 1.3.0
handlebars.js_project handlebars.js 4.2.0
handlebars.js_project handlebars.js 4.2.2
handlebars.js_project handlebars.js 3.0.1
handlebars.js_project handlebars.js 1.0.6
tenable tenable.sc *
handlebars.js_project handlebars.js 3.0.6
handlebars.js_project handlebars.js 4.1.2
handlebars.js_project handlebars.js 3.0.5
handlebars.js_project handlebars.js 4.0.3
CVE-2019-3923 LOW

Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. Tenable has released Nessus 8.2.2 to address this issue.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2019-3961 MEDIUM

Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a users browser session.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2019-3962 MEDIUM

Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed status, which will remain saved post session expiration.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2019-3974 HIGH

Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2019-3982 MEDIUM

Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2019-8331 MEDIUM

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
getbootstrap bootstrap *
f5 big-ip_domain_name_system *
f5 big-ip_edge_gateway *
redhat virtualization_manager 4.3
f5 big-ip_application_acceleration_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_analytics *
f5 big-ip_global_traffic_manager *
tenable tenable.sc *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_local_traffic_manager *
f5 big-ip_application_security_manager *
CVE-2020-11022 MEDIUM

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N 1.6 4.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
oracle financial_services_basel_regulatory_capital_basic 8.1.0
oracle hospitality_simphony 18.1
oracle financial_services_asset_liability_management 8.1.0
oracle healthcare_foundation 7.2.0
netapp snap_creator_framework -
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle financial_services_liquidity_risk_measurement_and_management 8.0.7
oracle financial_services_hedge_management_and_ifrs_valuations 8.1.0
fedoraproject fedora 32
oracle financial_services_funds_transfer_pricing 8.1.0
oracle financial_services_profitability_management 8.0.7
oracle agile_product_supplier_collaboration_for_process 6.2.0.0
oracle insurance_insbridge_rating_and_underwriting 5.6.1.0
oracle enterprise_session_border_controller 8.4
oracle communications_application_session_controller 3.8m0
netapp oncommand_insight -
oracle banking_digital_experience 20.1
oracle financial_services_basel_regulatory_capital_internal_ratings_based_approach *
netapp h410c_firmware -
oracle financial_services_market_risk_measurement_and_management 8.0.8
oracle hospitality_materials_control 18.1
oracle financial_services_loan_loss_forecasting_and_provisioning *
oracle banking_digital_experience *
oracle financial_services_liquidity_risk_measurement_and_management 8.0.8
jquery jquery *
oracle weblogic_server 12.2.1.4.0
oracle financial_services_institutional_performance_analytics 8.1.0
oracle jdeveloper 12.2.1.4.0
oracle communications_billing_and_revenue_management 7.5.0.23.0
oracle financial_services_data_integration_hub 8.1.0
oracle financial_services_data_foundation *
oracle financial_services_analytical_applications_reconciliation_framework *
oracle communications_diameter_signaling_router_idih: *
oracle jdeveloper 12.2.1.3.0
oracle blockchain_platform *
oracle insurance_data_foundation *
oracle financial_services_market_risk_measurement_and_management 8.0.6
fedoraproject fedora 33
oracle weblogic_server 12.2.1.3.0
oracle storagetek_acsls 8.5.1
oracle policy_automation *
oracle enterprise_manager_ops_center 12.4.0.0
oracle financial_services_liquidity_risk_management 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle retail_back_office 14.0
oracle weblogic_server 14.1.1.0.0
opensuse leap 15.2
netapp h300s_firmware -
oracle healthcare_foundation 7.2.1
oracle retail_back_office 14.1
oracle banking_digital_experience 19.2
oracle financial_services_loan_loss_forecasting_and_provisioning 8.1.0
oracle financial_services_basel_regulatory_capital_basic *
netapp oncommand_system_manager *
netapp h500s_firmware -
oracle financial_services_data_integration_hub 8.0.7
drupal drupal *
netapp h410s_firmware -
oracle financial_services_profitability_management 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_liquidity_risk_measurement_and_management 8.1.0
oracle financial_services_institutional_performance_analytics 8.0.7
netapp h300e_firmware -
netapp snapcenter -
oracle banking_digital_experience 18.3
oracle policy_automation_for_mobile_devices *
oracle insurance_allocation_manager_for_enterprise_profitability 8.0.8
oracle financial_services_funds_transfer_pricing 8.0.7
oracle banking_digital_experience 18.1
oracle financial_services_profitability_management 8.1.0
netapp h700e_firmware -
oracle weblogic_server 10.3.6.0.0
oracle peoplesoft_enterprise_peopletools 8.56
oracle banking_digital_experience 18.2
oracle financial_services_balance_sheet_planning 8.0.8
oracle healthcare_foundation 7.1.1
oracle insurance_insbridge_rating_and_underwriting *
oracle financial_services_regulatory_reporting_for_us_federal_reserve *
oracle financial_services_asset_liability_management 8.0.7
oracle communications_eagle_application_processor *
oracle insurance_allocation_manager_for_enterprise_profitability 8.1.0
tenable log_correlation_engine *
oracle financial_services_data_integration_hub 8.0.6
netapp h500e_firmware -
fedoraproject fedora 31
oracle healthcare_foundation 7.3.0
netapp h700s_firmware -
oracle peoplesoft_enterprise_peopletools 8.58
oracle insurance_accounting_analyzer 8.0.9
oracle hospitality_simphony 18.2
oracle retail_customer_management_and_segmentation_foundation 19.0
oracle siebel_ui_framework 20.8
oracle financial_services_institutional_performance_analytics 8.0.6
oracle jdeveloper 11.1.1.9.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_data_governance_for_us_regulatory_reporting *
oracle hospitality_simphony *
oracle communications_webrtc_session_controller 7.2
opensuse leap 15.1
oracle communications_services_gatekeeper 7.0
oracle financial_services_hedge_management_and_ifrs_valuations *
netapp max_data -
oracle banking_digital_experience 19.1
oracle financial_services_funds_transfer_pricing 8.0.6
oracle insurance_data_foundation 8.0.6-8.1.0
debian debian_linux 9.0
oracle peoplesoft_enterprise_peopletools 8.57
oracle financial_services_regulatory_reporting_for_european_banking_authority *
oracle financial_services_analytical_applications_reconciliation_framework 8.1.0
oracle financial_services_asset_liability_management 8.0.6
oracle application_testing_suite 13.3.0.1
oracle financial_services_basel_regulatory_capital_internal_ratings_based_approach 8.1.0
oracle policy_automation_connector_for_siebel 10.4.6
oracle retail_returns_management 14.1
oracle hospitality_simphony 19.1.0-19.1.2
oracle weblogic_server 12.1.3.0.0
oracle agile_product_lifecycle_management_for_process 6.2.0.0
oracle retail_returns_management 14.0
CVE-2020-11023 MEDIUM

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
oracle communications_interactive_session_recorder *
netapp oncommand_system_manager *
netapp h500s_firmware -
oracle rest_data_services 12.1.0.2
drupal drupal *
oracle communications_analytics 12.1.1
oracle rest_data_services 18c
netapp h410s_firmware -
oracle financial_services_regulatory_reporting_for_de_nederlandsche_bank 8.0.4
netapp cloud_insights_storage_workload_security_agent -
oracle communications_session_route_manager 8.2.0
netapp snap_creator_framework -
netapp snapcenter_server -
oracle banking_platform *
netapp h300e_firmware -
fedoraproject fedora 32
oracle healthcare_translational_research 3.4.0
oracle primavera_gateway *
oracle storagetek_tape_analytics_sw_tool 2.3.1
oracle healthcare_translational_research 3.3.2
oracle communications_element_manager 8.1.1
oracle banking_enterprise_collections *
netapp h700e_firmware -
oracle communications_operations_monitor *
oracle rest_data_services 11.2.0.4
oracle communications_session_report_manager 8.2.1
netapp oncommand_insight -
netapp h410c_firmware -
oracle financial_services_revenue_management_and_billing_analytics 2.7
jquery jquery *
oracle weblogic_server 12.2.1.4.0
oracle communications_session_route_manager 8.1.1
oracle peoplesoft_enterprise_human_capital_management_resources 9.2
oracle communications_eagle_application_processor *
oracle communications_session_report_manager 8.1.1
oracle communications_session_route_manager 8.2.1
tenable log_correlation_engine *
oracle communications_element_manager 8.2.0
oracle communications_element_manager 8.2.1
netapp h500e_firmware -
oracle blockchain_platform *
fedoraproject fedora 31
netapp h700s_firmware -
fedoraproject fedora 33
oracle weblogic_server 12.2.1.3.0
oracle health_sciences_inform 6.3.0
oracle storagetek_acsls 8.5.1
oracle webcenter_sites 12.2.1.4.0
oracle financial_services_revenue_management_and_billing_analytics 2.8
oracle application_express *
oracle business_intelligence 5.9.0.0.0
oracle healthcare_translational_research 3.2.1
oracle siebel_mobile *
oracle rest_data_services 12.2.0.1
oracle hyperion_financial_reporting 11.1.2.4
oracle rest_data_services 19c
oracle communications_services_gatekeeper 7.0
oracle healthcare_translational_research 3.3.1
oracle jd_edwards_enterpriseone_tools *
netapp cloud_backup -
netapp max_data -
debian debian_linux 9.0
oracle weblogic_server 14.1.1.0.0
oracle communications_operations_monitor 3.4
netapp h300s_firmware -
netapp active_iq_unified_manager -
oracle application_testing_suite 13.3.0.1
oracle communications_session_report_manager 8.2.0
oracle oss_support_tools *
oracle blockchain_platform 21.1.2
oracle jd_edwards_enterpriseone_orchestrator *
oracle weblogic_server 12.1.3.0.0
oracle webcenter_sites 12.2.1.3.0
netapp hci_baseboard_management_controller -
CVE-2020-11655 MEDIUM

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
oracle mysql *
oracle hyperion_infrastructure_technology 11.1.2.4
canonical ubuntu_linux 16.04
oracle communications_session_report_manager *
oracle communications_element_manager *
oracle outside_in_technology 8.5.4
oracle communications_messaging_server 8.1
siemens sinec_infrastructure_network_services *
canonical ubuntu_linux 20.04
debian debian_linux 8.0
oracle enterprise_manager_ops_center 12.4.0.0
oracle instantis_enterprisetrack 17.1
oracle zfs_storage_appliance_kit 8.8
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle communications_network_charging_and_control 12.0.2
oracle mysql_workbench *
oracle outside_in_technology 8.5.5
sqlite sqlite *
netapp ontap_select_deploy_administration_utility -
oracle communications_network_charging_and_control 6.0.1
debian debian_linux 9.0
oracle communications_session_route_manager *
oracle communications_network_charging_and_control *
tenable tenable.sc *
canonical ubuntu_linux 19.10
CVE-2020-11656 HIGH

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
oracle mysql *
oracle mysql_workbench *
oracle hyperion_infrastructure_technology 11.1.2.4
oracle outside_in_technology 8.5.5
oracle outside_in_technology 8.5.4
sqlite sqlite *
netapp ontap_select_deploy_administration_utility -
oracle communications_network_charging_and_control 6.0.1
oracle communications_messaging_server 8.1
siemens sinec_infrastructure_network_services *
oracle communications_network_charging_and_control *
oracle enterprise_manager_ops_center 12.4.0.0
oracle zfs_storage_appliance_kit 8.8
tenable tenable.sc *
oracle communications_network_charging_and_control 12.0.2
CVE-2020-1967 MEDIUM

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
netapp steelstore_cloud_integrated_storage -
oracle mysql *
oracle mysql_connectors *
jdedwards enterpriseone *
netapp active_iq_unified_manager *
fedoraproject fedora 31
oracle mysql_enterprise_monitor *
oracle peoplesoft_enterprise_peopletools 8.58
oracle http_server 12.2.1.4.0
fedoraproject fedora 30
netapp smi-s_provider -
openssl openssl *
oracle enterprise_manager_for_storage_management 13.3.0.0
fedoraproject fedora 32
netapp snapcenter -
opensuse leap 15.1
oracle mysql_workbench *
oracle enterprise_manager_for_storage_management 13.4.0.0
netapp oncommand_workflow_automation -
oracle enterprise_manager_base_platform 13.4.0.0
oracle peoplesoft_enterprise_peopletools 8.56
broadcom fabric_operating_system -
debian debian_linux 9.0
oracle peoplesoft_enterprise_peopletools 8.57
opensuse leap 15.2
netapp oncommand_insight -
oracle enterprise_manager_ops_center 12.4.0
oracle jd_edwards_world_security a9.4
oracle peoplesoft_enterprise_peopletools 8.59
netapp e-series_performance_analyzer -
oracle application_server 12.1.3
debian debian_linux 10.0
freebsd freebsd 12.1
tenable log_correlation_engine *
CVE-2020-1971 MEDIUM

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
netapp plug-in_for_symantec_netbackup -
oracle essbase 21.2
oracle communications_subscriber-aware_load_balancer cz8.4
oracle communications_session_border_controller cz8.4
oracle graalvm 20.3.0
oracle mysql_server *
openssl openssl *
oracle communications_unified_session_manager scz8.2.5
oracle enterprise_session_border_controller cz8.2
oracle enterprise_session_border_controller cz8.4
fedoraproject fedora 32
oracle enterprise_communications_broker pcz3.2
netapp data_ontap -
netapp snapcenter -
oracle enterprise_session_border_controller cz8.3
netapp clustered_data_ontap_antivirus_connector -
oracle enterprise_manager_base_platform 13.4.0.0
netapp hci_management_node -
oracle peoplesoft_enterprise_peopletools 8.56
oracle business_intelligence 12.2.1.3.0
oracle business_intelligence 12.2.1.4.0
netapp aff_a250_firmware -
netapp manageability_software_development_kit -
netapp oncommand_insight -
oracle api_gateway 11.1.2.4.0
netapp santricity_smi-s_provider -
netapp e-series_santricity_os_controller *
oracle communications_session_router cz8.4
tenable log_correlation_engine *
oracle communications_session_router cz8.3
oracle mysql *
oracle enterprise_manager_base_platform 13.3.0.0
oracle peoplesoft_enterprise_peopletools 8.58
fedoraproject fedora 33
siemens sinec_infrastructure_network_services *
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle communications_subscriber-aware_load_balancer cz8.2
oracle http_server 12.2.1.4.0
oracle graalvm 19.3.4
oracle enterprise_communications_broker pcz3.1
oracle business_intelligence 5.9.0.0.0
oracle enterprise_manager_ops_center 12.4.0.0
oracle communications_diameter_intelligence_hub *
netapp hci_storage_node -
netapp hci_compute_node -
tenable nessus_network_monitor *
oracle communications_subscriber-aware_load_balancer cz8.3
oracle enterprise_communications_broker pcz3.3
oracle enterprise_manager_for_storage_management 13.4.0.0
netapp oncommand_workflow_automation -
oracle jd_edwards_enterpriseone_tools *
oracle communications_session_border_controller cz8.3
debian debian_linux 9.0
oracle peoplesoft_enterprise_peopletools 8.57
netapp active_iq_unified_manager -
netapp ef600a_firmware -
nodejs node.js *
oracle communications_session_border_controller cz8.2
oracle jd_edwards_world_security a9.4
oracle business_intelligence 5.5.0.0.0
debian debian_linux 10.0
oracle communications_session_router cz8.2
netapp solidfire -
CVE-2020-5737 LOW

Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable tenable.sc 5.14.0
tenable tenable.sc 5.14.1
CVE-2020-5765 LOW

Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional input validation mechanisms to correct this issue in Nessus 8.11.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2020-5774 LOW

Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-613,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2020-5793 HIGH

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable nessus *
tenable nessus_agent 8.0.0
tenable nessus_agent 8.1.0
CVE-2020-5794 MEDIUM

A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable nessus_network_monitor 5.11.0
tenable nessus_network_monitor 5.11.1
tenable nessus_network_monitor 5.12.0
CVE-2020-5808 MEDIUM

In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable tenable.sc *
CVE-2020-5812 MEDIUM

Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
tenable nessus_amazon_machine_image *
CVE-2020-7059 MEDIUM

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2
security@php.net 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
debian debian_linux 8.0
oracle communications_diameter_signaling_router *
tenable tenable.sc *
php php *
CVE-2020-7060 MEDIUM

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2
security@php.net 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
debian debian_linux 8.0
oracle communications_diameter_signaling_router *
tenable tenable.sc *
php php *
CVE-2020-7061 MEDIUM

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2
security@php.net 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
tenable tenable.sc *
php php *
CVE-2020-7063 MEDIUM

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@php.net 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-281,CWE-281,

Products Affected

Vendor Product Version
opensuse leap 15.1
debian debian_linux 8.0
tenable tenable.sc *
php php *
debian debian_linux 10.0
debian debian_linux 9.0
CVE-2020-7064 MEDIUM

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@php.net 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 3.9 2.5
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
opensuse leap 15.1
canonical ubuntu_linux 16.04
debian debian_linux 9.0
canonical ubuntu_linux 20.04
debian debian_linux 8.0
canonical ubuntu_linux 12.04
tenable tenable.sc *
php php *
debian debian_linux 10.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 19.10
CVE-2020-7065 MEDIUM

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@php.net 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H 2.2 5.2
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
tenable tenable.sc *
php php *
debian debian_linux 10.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 19.10
CVE-2020-7066 MEDIUM

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.8 1.4
security@php.net 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-170,NVD-CWE-Other,

Products Affected

Vendor Product Version
opensuse leap 15.1
debian debian_linux 8.0
tenable tenable.sc 5.19.0
tenable tenable.sc *
php php *
debian debian_linux 10.0
debian debian_linux 9.0
CVE-2020-7067 MEDIUM

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security@php.net 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-196,CWE-125,

Products Affected

Vendor Product Version
oracle communications_diameter_signaling_router *
tenable tenable.sc *
php php *
debian debian_linux 10.0
debian debian_linux 9.0
CVE-2020-7068 LOW

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@php.net 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L 2.2 2.5
nvd@nist.gov 3.6 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L 1.0 2.5

CVSS 2.0

Severity: LOW

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
tenable tenable.sc *
php php *
debian debian_linux 10.0
CVE-2020-7069 MEDIUM

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@php.net 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-326,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
opensuse leap 15.1
canonical ubuntu_linux 16.04
fedoraproject fedora 31
oracle communications_diameter_signaling_router *
fedoraproject fedora 33
opensuse leap 15.2
netapp clustered_data_ontap -
canonical ubuntu_linux 20.04
canonical ubuntu_linux 12.04
tenable tenable.sc *
php php *
debian debian_linux 10.0
canonical ubuntu_linux 14.04
fedoraproject fedora 32
CVE-2020-7070 MEDIUM

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
security@php.net 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-565,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
opensuse leap 15.1
canonical ubuntu_linux 16.04
fedoraproject fedora 31
fedoraproject fedora 33
debian debian_linux 9.0
opensuse leap 15.2
netapp clustered_data_ontap -
canonical ubuntu_linux 20.04
canonical ubuntu_linux 12.04
tenable tenable.sc *
php php *
debian debian_linux 10.0
canonical ubuntu_linux 14.04
fedoraproject fedora 32
CVE-2021-20076 MEDIUM

Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
tenable tenable.sc *
CVE-2021-20077 HIGH

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable nessus_agent *
CVE-2021-20079 HIGH

Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2021-20099 MEDIUM

Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2021-20100 MEDIUM

Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2021-20106 HIGH

Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2021-20117 HIGH

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable nessus_agent *
CVE-2021-20118 HIGH

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable nessus_agent *
CVE-2021-20135 MEDIUM

Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2021-21371 MEDIUM

Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pypi as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run arbitrary commands through the yaml.load() method. This could allow an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file. This is fixed in version 1.1.21 by using yaml.safe_load() instead of yaml.load().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 1.8 2.7
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 1.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
tenable jira_cloud *
CVE-2021-21707 MEDIUM

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
security@php.net 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-159,NVD-CWE-Other,

Products Affected

Vendor Product Version
debian debian_linux 11.0
netapp clustered_data_ontap -
tenable tenable.sc *
php php *
debian debian_linux 10.0
CVE-2021-23358 MEDIUM

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
report@snyk.io 3.3 LOW CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N 0.7 2.5
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
fedoraproject fedora 34
tenable tenable.sc *
debian debian_linux 10.0
fedoraproject fedora 33
debian debian_linux 9.0
underscorejs underscore *
CVE-2021-23840 MEDIUM

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
tenable nessus_network_monitor 5.11.0
fujitsu m10-4_firmware *
oracle graalvm 21.0.0.2
oracle graalvm 20.3.1.2
tenable nessus_network_monitor 5.12.1
mcafee epolicy_orchestrator *
mcafee epolicy_orchestrator 5.10.0
oracle nosql_database *
tenable nessus_network_monitor 5.11.1
fujitsu m10-1_firmware *
oracle business_intelligence 5.9.0.0.0
oracle mysql_server *
openssl openssl *
oracle enterprise_manager_ops_center 12.4.0.0
fujitsu m10-4s_firmware *
fujitsu m12-2_firmware *
oracle enterprise_manager_for_storage_management 13.4.0.0
oracle jd_edwards_enterpriseone_tools *
oracle communications_cloud_native_core_policy 1.15.0
oracle business_intelligence 12.2.1.3.0
oracle business_intelligence 12.2.1.4.0
fujitsu m12-2s_firmware *
nodejs node.js *
oracle graalvm 19.3.5
tenable nessus_network_monitor 5.13.0
oracle jd_edwards_world_security a9.4
oracle business_intelligence 5.5.0.0.0
debian debian_linux 10.0
nodejs node.js 14.15.0
fujitsu m12-1_firmware *
tenable log_correlation_engine *
tenable nessus_network_monitor 5.12.0
CVE-2021-23841 MEDIUM

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
tenable nessus_network_monitor 5.11.0
oracle graalvm 21.0.0.2
oracle essbase 21.2
apple safari *
oracle graalvm 20.3.1.2
tenable nessus_network_monitor 5.12.1
oracle mysql_enterprise_monitor *
oracle peoplesoft_enterprise_peopletools 8.58
tenable nessus_network_monitor 5.11.1
oracle business_intelligence 5.9.0.0.0
oracle mysql_server *
openssl openssl *
oracle enterprise_manager_ops_center 12.4.0.0
oracle zfs_storage_appliance_kit 8.8
netapp snapcenter -
oracle enterprise_manager_for_storage_management 13.4.0.0
apple iphone_os *
netapp oncommand_workflow_automation -
oracle communications_cloud_native_core_policy 1.15.0
oracle business_intelligence 12.2.1.3.0
siemens sinec_ins *
siemens sinec_ins 1.0
oracle business_intelligence 12.2.1.4.0
oracle peoplesoft_enterprise_peopletools 8.57
apple ipados *
netapp oncommand_insight -
apple macos *
oracle graalvm 19.3.5
tenable nessus_network_monitor 5.13.0
oracle jd_edwards_world_security a9.4
oracle business_intelligence 5.5.0.0.0
oracle peoplesoft_enterprise_peopletools 8.59
tenable tenable.sc *
debian debian_linux 10.0
tenable nessus_network_monitor 5.12.0
CVE-2021-33193 MEDIUM

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 34
oracle zfs_storage_appliance_kit 8.8
apache http_server *
tenable tenable.sc *
debian debian_linux 10.0
oracle secure_backup *
CVE-2021-3449 MEDIUM

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
oracle mysql_connectors *
siemens scalance_xr552-12_firmware *
sonicwall sma100_firmware *
siemens simatic_s7-1200_cpu_1212c_firmware *
oracle graalvm 20.3.1.2
tenable nessus_network_monitor 5.12.1
siemens simatic_rf188c_firmware *
siemens sinec_nms 1.0
siemens simatic_s7-1200_cpu_1215_fc_firmware *
tenable nessus *
siemens simatic_net_cp_1243-8_irc_firmware *
siemens simatic_pcs_7_telecontrol_firmware *
oracle secure_global_desktop 5.6
siemens simatic_s7-1500_cpu_1518-4_pn/dp_mfp_firmware *
siemens scalance_s602_firmware *
siemens scalance_xr528-6m_firmware *
siemens simatic_s7-1200_cpu_1214_fc_firmware *
siemens simatic_rf185c_firmware *
oracle primavera_unifier 20.12
siemens simatic_net_cp_1543sp-1_firmware *
netapp ontap_select_deploy_administration_utility -
siemens simatic_net_cp1243-7_lte_us_firmware *
netapp oncommand_insight -
netapp storagegrid -
checkpoint quantum_security_gateway_firmware r81
siemens simatic_hmi_ktp_mobile_panels_firmware *
tenable nessus_network_monitor 5.13.0
checkpoint quantum_security_gateway_firmware r80.40
oracle primavera_unifier 21.12
siemens scalance_s623_firmware *
siemens tim_1531_irc_firmware *
siemens simatic_net_cp_1545-1_firmware *
siemens scalance_lpe9403_firmware *
siemens simatic_cloud_connect_7_firmware *
siemens scalance_xb-200_firmware *
siemens simatic_cp_1242-7_gprs_v2_firmware -
siemens simatic_net_cp1243-7_lte_eu_firmware *
tenable nessus_network_monitor 5.11.1
siemens simatic_s7-1200_cpu_1215c_firmware *
siemens simatic_rf188ci_firmware *
freebsd freebsd 12.2
sonicwall sonicos 7.0.1.0
siemens simatic_rf186c_firmware *
siemens simatic_mv500_firmware *
netapp oncommand_workflow_automation -
siemens simatic_rf186ci_firmware *
oracle jd_edwards_enterpriseone_tools *
siemens simatic_wincc_runtime_advanced *
siemens simatic_net_cp_1243-1_firmware *
siemens scalance_xr526-8c_firmware *
oracle secure_backup *
siemens sinec_pni -
netapp active_iq_unified_manager -
siemens simatic_pcs_neo_firmware *
nodejs node.js *
siemens ruggedcom_rcm1224_firmware *
siemens simatic_s7-1200_cpu_1217c_firmware *
oracle jd_edwards_world_security a9.4
siemens scalance_s612_firmware *
siemens simatic_net_cp_1542sp-1_irc_firmware *
siemens scalance_xr-300wg_firmware *
tenable nessus_network_monitor 5.11.0
checkpoint quantum_security_management_firmware r81
oracle graalvm 21.0.0.2
netapp cloud_volumes_ontap_mediator -
oracle essbase 21.2
siemens simatic_s7-1200_cpu_1211c_firmware *
checkpoint quantum_security_management_firmware r80.40
siemens scalance_s615_firmware *
siemens simatic_process_historian_opc_ua_server_firmware *
siemens simatic_cp_1242-7_gprs_v2_firmware *
oracle primavera_unifier 19.12
mcafee web_gateway 8.2.19
siemens sinamics_connect_300_firmware *
oracle mysql_server *
openssl openssl *
siemens simatic_logon *
siemens simatic_hmi_comfort_outdoor_panels_firmware *
siemens sinumerik_opc_ua_server *
oracle primavera_unifier *
netapp snapcenter -
oracle mysql_workbench *
siemens scalance_xc-200_firmware *
mcafee web_gateway_cloud_service 9.2.10
siemens scalance_sc-600_firmware *
siemens scalance_m-800_firmware *
mcafee web_gateway_cloud_service 8.2.19
oracle peoplesoft_enterprise_peopletools 8.59
siemens scalance_w1700_firmware *
netapp santricity_smi-s_provider -
tenable tenable.sc *
siemens scalance_xf-200ba_firmware *
siemens scalance_xr524-8c_firmware *
tenable log_correlation_engine *
mcafee web_gateway 10.1.1
oracle peoplesoft_enterprise_peopletools 8.58
siemens simatic_cloud_connect_7_firmware -
siemens sinec_infrastructure_network_services *
siemens simatic_wincc_telecontrol -
siemens simatic_s7-1200_cpu_1214c_firmware *
sonicwall capture_client 3.5
siemens simatic_rf166c_firmware *
siemens sinema_server 14.0
mcafee web_gateway_cloud_service 10.1.1
siemens scalance_s627-2m_firmware *
oracle communications_communications_policy_management 12.6.0.0.0
oracle zfs_storage_appliance_kit 8.8
mcafee web_gateway 9.2.10
siemens scalance_w700_firmware *
oracle enterprise_manager_for_storage_management 13.4.0.0
siemens simatic_s7-1200_cpu_1212fc_firmware *
fedoraproject fedora 34
siemens simatic_rf360r_firmware *
debian debian_linux 9.0
oracle peoplesoft_enterprise_peopletools 8.57
siemens simatic_hmi_basic_panels_2nd_generation_firmware *
siemens tia_administrator *
siemens scalance_xp-200_firmware *
checkpoint multi-domain_management_firmware r80.40
oracle graalvm 19.3.5
siemens scalance_xm-400_firmware *
checkpoint multi-domain_management_firmware r81
netapp e-series_performance_analyzer -
debian debian_linux 10.0
siemens simatic_net_cp_1543-1_firmware *
siemens simatic_logon 1.5
siemens simatic_pdm_firmware *
tenable nessus_network_monitor 5.12.0
CVE-2021-3450 MEDIUM

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
tenable nessus_network_monitor 5.11.0
oracle mysql_connectors *
oracle graalvm 21.0.0.2
sonicwall capture_client *
netapp cloud_volumes_ontap_mediator -
sonicwall sma100_firmware *
mcafee web_gateway 10.1.1
oracle graalvm 20.3.1.2
tenable nessus_network_monitor 5.12.1
oracle mysql_enterprise_monitor *
netapp storagegrid_firmware -
tenable nessus_network_monitor 5.11.1
mcafee web_gateway 8.2.19
mcafee web_gateway_cloud_service 10.1.1
oracle mysql_server *
tenable nessus *
openssl openssl *
windriver linux -
oracle secure_global_desktop 5.6
mcafee web_gateway 9.2.10
freebsd freebsd 12.2
windriver linux 17.0
windriver linux 18.0
oracle mysql_workbench *
oracle enterprise_manager_for_storage_management 13.4.0.0
netapp oncommand_workflow_automation -
oracle jd_edwards_enterpriseone_tools *
oracle peoplesoft_enterprise_peopletools *
windriver linux 19.0
fedoraproject fedora 34
netapp ontap_select_deploy_administration_utility -
mcafee web_gateway_cloud_service 9.2.10
oracle weblogic_server 14.1.1.0.0
netapp storagegrid -
oracle secure_backup *
nodejs node.js *
sonicwall sonicos *
oracle graalvm 19.3.5
mcafee web_gateway_cloud_service 8.2.19
tenable nessus_network_monitor 5.13.0
oracle jd_edwards_world_security a9.4
oracle weblogic_server 12.2.1.4.0
oracle commerce_guided_search 11.3.2
tenable nessus_agent *
netapp santricity_smi-s_provider_firmware -
sonicwall email_security *
tenable nessus_network_monitor 5.12.0
CVE-2021-34798 MEDIUM

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
siemens ruggedcom_nms *
oracle peoplesoft_enterprise_peopletools 8.58
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle enterprise_manager_base_platform 13.5.0.0
oracle http_server 12.2.1.4.0
siemens sinema_server 14.0
oracle instantis_enterprisetrack 17.1
oracle zfs_storage_appliance_kit 8.8
oracle instantis_enterprisetrack 17.2
apache http_server *
oracle http_server 12.2.1.3.0
siemens sinec_nms *
oracle instantis_enterprisetrack 17.3
fedoraproject fedora 35
debian debian_linux 11.0
oracle enterprise_manager_base_platform 13.4.0.0
fedoraproject fedora 34
netapp cloud_backup -
broadcom brocade_fabric_operating_system_firmware -
debian debian_linux 9.0
netapp storagegrid -
netapp clustered_data_ontap -
tenable tenable.sc *
debian debian_linux 10.0
CVE-2021-3711 HIGH

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
oracle mysql_connectors *
oracle enterprise_communications_broker 3.3.0
oracle mysql_enterprise_monitor *
oracle peoplesoft_enterprise_peopletools 8.58
oracle enterprise_session_border_controller 9.0
oracle communications_cloud_native_core_unified_data_repository 1.15.0
oracle mysql_server *
openssl openssl *
oracle health_sciences_inform_publisher 6.3.1.1
oracle zfs_storage_appliance_kit 8.8
oracle communications_session_border_controller 8.4
oracle enterprise_communications_broker 3.2.0
tenable nessus_network_monitor *
oracle essbase *
netapp snapcenter -
oracle communications_session_border_controller 9.0
debian debian_linux 11.0
netapp oncommand_workflow_automation -
oracle jd_edwards_enterpriseone_tools *
netapp clustered_data_ontap_antivirus_connector -
oracle enterprise_session_border_controller 8.4
netapp hci_management_node -
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle communications_unified_session_manager 8.4.5
oracle peoplesoft_enterprise_peopletools 8.57
netapp manageability_software_development_kit -
netapp storage_encryption -
netapp oncommand_insight -
netapp active_iq_unified_manager -
oracle communications_unified_session_manager 8.2.5
netapp clustered_data_ontap -
oracle jd_edwards_world_security a9.4
oracle peoplesoft_enterprise_peopletools 8.59
netapp santricity_smi-s_provider -
tenable tenable.sc *
debian debian_linux 10.0
netapp e-series_santricity_os_controller *
netapp solidfire -
oracle health_sciences_inform_publisher 6.2.1.1
CVE-2021-3712 MEDIUM

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
oracle mysql_connectors *
oracle enterprise_communications_broker 3.3.0
mcafee epolicy_orchestrator *
oracle mysql_enterprise_monitor *
oracle peoplesoft_enterprise_peopletools 8.58
mcafee epolicy_orchestrator 5.10.0
siemens sinec_infrastructure_network_services *
oracle enterprise_session_border_controller 9.0
oracle health_sciences_inform_publisher 6.2.1.0
oracle communications_cloud_native_core_unified_data_repository 1.15.0
oracle mysql_server *
openssl openssl *
oracle health_sciences_inform_publisher 6.3.1.1
oracle zfs_storage_appliance_kit 8.8
oracle communications_session_border_controller 8.4
oracle essbase 21.3
oracle enterprise_communications_broker 3.2.0
tenable nessus_network_monitor *
oracle essbase *
oracle communications_session_border_controller 9.0
debian debian_linux 11.0
oracle mysql_workbench *
oracle jd_edwards_enterpriseone_tools *
oracle secure_backup 18.1.0.1.0
netapp clustered_data_ontap_antivirus_connector -
oracle enterprise_session_border_controller 8.4
netapp hci_management_node -
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle communications_unified_session_manager 8.4.5
debian debian_linux 9.0
oracle peoplesoft_enterprise_peopletools 8.57
netapp manageability_software_development_kit -
netapp storage_encryption -
oracle communications_unified_session_manager 8.2.5
netapp clustered_data_ontap -
oracle jd_edwards_world_security a9.4
oracle peoplesoft_enterprise_peopletools 8.59
netapp santricity_smi-s_provider -
tenable tenable.sc *
debian debian_linux 10.0
netapp e-series_santricity_os_controller *
oracle communications_cloud_native_core_console 1.9.0
netapp solidfire -
CVE-2021-40438 MEDIUM

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 8.4
siemens sinema_remote_connect_server 3.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.4
siemens ruggedcom_nms *
redhat enterprise_linux_update_services_for_sap_solutions 8.8
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.1
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.6
oracle secure_global_desktop 5.6
redhat enterprise_linux_update_services_for_sap_solutions 8.2
oracle instantis_enterprisetrack 17.2
oracle http_server 12.2.1.3.0
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux_for_ibm_z_systems_eus_s390x 8.2
debian debian_linux 11.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
redhat enterprise_linux_for_ibm_z_systems_eus 8.8
broadcom brocade_fabric_operating_system_firmware -
redhat enterprise_linux_for_power_little_endian_eus 8.6
redhat enterprise_linux 8.0
redhat enterprise_linux_update_services_for_sap_solutions 8.4
redhat enterprise_linux_update_services_for_sap_solutions 8.6
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.8
netapp storagegrid -
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 8.1
tenable tenable.sc *
redhat enterprise_linux_server_update_services_for_sap_solutions 7.7
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat software_collections 1.0
redhat enterprise_linux_for_arm_64_eus 8.6
redhat enterprise_linux_server_aus 8.4
siemens sinema_remote_connect_server *
redhat enterprise_linux_server_tus 7.7
resf rocky_linux 8.0
redhat enterprise_linux_for_arm_64_eus 8.8
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_server_aus 7.4
oracle http_server 12.2.1.4.0
redhat enterprise_linux_for_power_little_endian_eus 8.1
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_for_ibm_z_systems 7.0_s390x
redhat enterprise_linux_for_power_big_endian 7.0
siemens sinema_server 14.0
oracle enterprise_manager_ops_center 12.4.0.0
redhat enterprise_linux_eus 8.2
oracle instantis_enterprisetrack 17.1
oracle zfs_storage_appliance_kit 8.8
redhat jboss_core_services 1.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 7.6
apache http_server *
redhat enterprise_linux_server_aus 7.7
siemens sinec_nms *
oracle instantis_enterprisetrack 17.3
redhat enterprise_linux_server_tus 8.6
fedoraproject fedora 35
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 7.7
redhat enterprise_linux_server_tus 8.8
fedoraproject fedora 34
netapp cloud_backup -
debian debian_linux 9.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.8
redhat enterprise_linux_eus 8.8
netapp clustered_data_ontap -
redhat enterprise_linux_server_update_services_for_sap_solutions 7.6
redhat enterprise_linux_for_arm_64 8.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_update_services_for_sap_solutions 8.1
debian debian_linux 10.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
f5 f5os *
CVE-2021-41116 HIGH

Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 2.8 4.7
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-77,

Products Affected

Vendor Product Version
tenable tenable.sc *
getcomposer composer *
CVE-2021-41182 MEDIUM

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
oracle big_data_spatial_and_graph 23.1
oracle communications_operations_monitor 5.0
netapp h500s_firmware -
fedoraproject fedora 36
oracle communications_interactive_session_recorder 6.4
drupal drupal *
oracle hospitality_suite8 8.10.2
netapp h410s_firmware -
oracle primavera_unifier 19.12
oracle primavera_unifier 17.10
oracle rest_data_services *
oracle primavera_unifier 17.12
netapp h300e_firmware -
oracle primavera_unifier *
oracle hospitality_inventory_management 9.1.0
oracle primavera_unifier 20.12
netapp h700e_firmware -
oracle primavera_unifier 17.7
oracle banking_platform 2.12.0
netapp h410c_firmware -
oracle hospitality_materials_control 18.1
oracle rest_data_services 22.1.1
oracle peoplesoft_enterprise_peopletools 8.59
oracle weblogic_server 12.2.1.4.0
oracle primavera_unifier 21.12
tenable tenable.sc *
jqueryui jquery_ui *
oracle hospitality_suite8 *
oracle agile_plm 9.3.6
netapp h500e_firmware -
netapp h700s_firmware -
oracle mysql_enterprise_monitor *
oracle peoplesoft_enterprise_peopletools 8.58
fedoraproject fedora 33
oracle big_data_spatial_and_graph *
oracle banking_platform 2.9.0
oracle communications_operations_monitor 4.3
oracle weblogic_server 12.2.1.3.0
oracle application_express *
oracle communications_operations_monitor 4.4
oracle policy_automation *
oracle primavera_unifier 17.8
fedoraproject fedora 35
oracle jd_edwards_enterpriseone_tools *
fedoraproject fedora 34
debian debian_linux 9.0
oracle weblogic_server 14.1.1.0.0
netapp h300s_firmware -
oracle primavera_unifier 17.11
oracle primavera_unifier 17.9
oracle primavera_unifier 18.8
CVE-2021-41183 MEDIUM

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
oracle big_data_spatial_and_graph 23.1
oracle agile_plm 9.3.6
oracle communications_operations_monitor 5.0
netapp h500s_firmware -
netapp h500e_firmware -
fedoraproject fedora 36
netapp h700s_firmware -
oracle communications_interactive_session_recorder 6.4
drupal drupal *
oracle mysql_enterprise_monitor *
oracle peoplesoft_enterprise_peopletools 8.58
fedoraproject fedora 33
oracle big_data_spatial_and_graph *
oracle banking_platform 2.9.0
oracle communications_operations_monitor 4.3
oracle weblogic_server 12.2.1.3.0
oracle hospitality_suite8 8.10.2
netapp h410s_firmware -
oracle application_express *
oracle communications_operations_monitor 4.4
oracle policy_automation *
oracle primavera_gateway 21.12.0
oracle rest_data_services *
netapp h300e_firmware -
oracle hospitality_inventory_management 9.1.0
fedoraproject fedora 35
oracle primavera_gateway *
oracle jd_edwards_enterpriseone_tools *
netapp h700e_firmware -
fedoraproject fedora 34
debian debian_linux 9.0
oracle weblogic_server 14.1.1.0.0
oracle banking_platform 2.12.0
netapp h300s_firmware -
netapp h410c_firmware -
oracle primavera_gateway 20.12.0
oracle primavera_gateway 19.12.0
oracle rest_data_services 22.1.1
oracle peoplesoft_enterprise_peopletools 8.59
oracle primavera_gateway 18.8.0
oracle weblogic_server 12.2.1.4.0
tenable tenable.sc *
jqueryui jquery_ui *
oracle hospitality_suite8 *
CVE-2021-41184 MEDIUM

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
oracle big_data_spatial_and_graph 23.1
oracle agile_plm 9.3.6
oracle communications_operations_monitor 5.0
netapp h500s_firmware -
netapp h500e_firmware -
fedoraproject fedora 36
netapp h700s_firmware -
oracle communications_interactive_session_recorder 6.4
drupal drupal *
oracle peoplesoft_enterprise_peopletools 8.58
fedoraproject fedora 33
oracle big_data_spatial_and_graph *
oracle banking_platform 2.9.0
oracle communications_operations_monitor 4.3
oracle weblogic_server 12.2.1.3.0
oracle hospitality_suite8 8.10.2
netapp h410s_firmware -
oracle primavera_unifier 19.12
oracle application_express *
oracle communications_operations_monitor 4.4
oracle policy_automation *
oracle rest_data_services *
netapp h300e_firmware -
oracle primavera_unifier *
oracle hospitality_inventory_management 9.1.0
fedoraproject fedora 35
oracle primavera_unifier 20.12
oracle jd_edwards_enterpriseone_tools *
netapp h700e_firmware -
fedoraproject fedora 34
oracle weblogic_server 14.1.1.0.0
oracle banking_platform 2.12.0
netapp h300s_firmware -
netapp h410c_firmware -
oracle hospitality_materials_control 18.1
oracle rest_data_services 22.1.1
oracle peoplesoft_enterprise_peopletools 8.59
oracle primavera_unifier 18.8
oracle weblogic_server 12.2.1.4.0
oracle primavera_unifier 21.12
tenable tenable.sc *
jqueryui jquery_ui *
oracle hospitality_suite8 *
CVE-2021-44224 MEDIUM

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 35
debian debian_linux 11.0
oracle communications_operations_monitor 5.0
oracle communications_session_report_manager *
oracle communications_element_manager *
fedoraproject fedora 34
fedoraproject fedora 36
oracle http_server -
oracle communications_operations_monitor 4.3
oracle communications_session_route_manager *
oracle http_server 12.2.1.4.0
oracle communications_operations_monitor 4.0
apple macos *
oracle communications_operations_monitor 4.4
oracle instantis_enterprisetrack 17.1
oracle instantis_enterprisetrack 17.2
apache http_server *
tenable tenable.sc *
debian debian_linux 10.0
apple mac_os_x 10.15.7
oracle http_server 12.2.1.3.0
oracle instantis_enterprisetrack 17.3
CVE-2021-44790 HIGH

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 35
debian debian_linux 11.0
oracle communications_operations_monitor 5.0
oracle communications_session_report_manager *
oracle communications_element_manager *
fedoraproject fedora 34
fedoraproject fedora 36
netapp cloud_backup -
oracle communications_operations_monitor 4.3
oracle communications_session_route_manager *
oracle http_server 12.2.1.4.0
apple macos *
oracle communications_operations_monitor 4.4
oracle instantis_enterprisetrack 17.1
oracle zfs_storage_appliance_kit 8.8
oracle instantis_enterprisetrack 17.2
apache http_server *
tenable tenable.sc *
debian debian_linux 10.0
apple mac_os_x 10.15.7
oracle http_server 12.2.1.3.0
oracle instantis_enterprisetrack 17.3
CVE-2021-45960 HIGH

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-682,CWE-682,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
siemens sinema_remote_connect_server *
debian debian_linux 11.0
libexpat_project libexpat *
netapp oncommand_workflow_automation -
tenable nessus *
netapp solidfire_&_hci_management_node -
netapp hci_baseboard_management_controller h610c
netapp hci_baseboard_management_controller h615c
debian debian_linux 10.0
netapp hci_baseboard_management_controller h610s
CVE-2021-46143 MEDIUM

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
cve@mitre.org 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
siemens sinema_remote_connect_server *
libexpat_project libexpat *
netapp clustered_data_ontap -
netapp oncommand_workflow_automation -
tenable nessus *
netapp solidfire_&_hci_management_node -
netapp hci_baseboard_management_controller h610c
netapp hci_baseboard_management_controller h615c
netapp hci_baseboard_management_controller h610s
CVE-2022-0130 MEDIUM

Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable tenable.sc *
CVE-2022-0778 MEDIUM

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
debian debian_linux 11.0
netapp clustered_data_ontap_antivirus_connector -
netapp cloud_volumes_ontap_mediator -
netapp a250_firmware -
fedoraproject fedora 34
fedoraproject fedora 36
debian debian_linux 9.0
netapp 500f_firmware -
netapp storagegrid -
nodejs node.js *
netapp clustered_data_ontap -
tenable nessus *
openssl openssl *
netapp santricity_smi-s_provider -
mariadb mariadb *
debian debian_linux 10.0
CVE-2022-22822 HIGH

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
debian debian_linux 11.0
libexpat_project libexpat *
tenable nessus *
debian debian_linux 10.0
CVE-2022-22823 HIGH

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
debian debian_linux 11.0
libexpat_project libexpat *
tenable nessus *
debian debian_linux 10.0
CVE-2022-22824 HIGH

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
debian debian_linux 11.0
libexpat_project libexpat *
tenable nessus *
debian debian_linux 10.0
CVE-2022-22825 MEDIUM

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
debian debian_linux 11.0
libexpat_project libexpat *
tenable nessus *
debian debian_linux 10.0
CVE-2022-22826 MEDIUM

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
debian debian_linux 11.0
libexpat_project libexpat *
tenable nessus *
debian debian_linux 10.0
CVE-2022-22827 MEDIUM

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
debian debian_linux 11.0
libexpat_project libexpat *
tenable nessus *
debian debian_linux 10.0
CVE-2022-23852 HIGH

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
libexpat_project libexpat *
netapp clustered_data_ontap -
netapp oncommand_workflow_automation -
tenable nessus *
debian debian_linux 9.0
oracle communications_metasolv_solution 6.3.1
CVE-2022-23990 MEDIUM

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
fedoraproject fedora 35
siemens sinema_remote_connect_server *
debian debian_linux 11.0
libexpat_project libexpat *
tenable nessus *
fedoraproject fedora 34
debian debian_linux 10.0
oracle communications_metasolv_solution 6.3.1
CVE-2022-24785 MEDIUM

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
security-advisories@github.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-27,CWE-22,

Products Affected

Vendor Product Version
fedoraproject fedora 35
netapp active_iq -
momentjs moment *
fedoraproject fedora 36
tenable tenable.sc *
debian debian_linux 10.0
CVE-2022-24828 MEDIUM

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-88,

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 34
fedoraproject fedora 36
tenable tenable.sc *
getcomposer composer *
CVE-2022-28291

Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an attacker to access credentials stored in Nessus scanners, potentially compromising its customers’ network of assets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
tenable nessus *
CVE-2022-32973 HIGH

An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2022-32974 MEDIUM

An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tenable nessus *
CVE-2022-33757

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
tenable nessus *
CVE-2022-3499

An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
tenable nessus *
CVE-2022-4313

A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tenable nessus *
tenable plugin_feed *
CVE-2023-0101

A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host.

Products Affected

Vendor Product Version
tenable nessus *
CVE-2023-0476

A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection.

Products Affected

Vendor Product Version
tenable tenable.sc *
CVE-2023-0524

As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055.

Products Affected

Vendor Product Version
tenable tenable.sc -
tenable nessus -
tenable tenable.io -
CVE-2023-2005

Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H 0.3 5.9

Products Affected

Vendor Product Version
tenable nessus -
tenable tenable.io -
tenable securitycenter -
CVE-2023-24493

A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host.

Products Affected

Vendor Product Version
tenable tenable.sc *
CVE-2023-24494

A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.

Products Affected

Vendor Product Version
tenable tenable.sc *
CVE-2023-24495

A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.

Products Affected

Vendor Product Version
tenable tenable.sc *
CVE-2023-3251

A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
vulnreport@tenable.com 4.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N 2.3 1.4

Products Affected

Vendor Product Version
tenable nessus *
CVE-2023-3252

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2
vulnreport@tenable.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 2.3 4.0

Products Affected

Vendor Product Version
tenable nessus *
CVE-2023-3253

An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
tenable nessus *
CVE-2023-5622

Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tenable nessus_network_monitor *
CVE-2023-5623

NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
tenable nessus_network_monitor *
CVE-2023-5624

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
vulnreport@tenable.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tenable nessus_network_monitor *
CVE-2023-5847

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
tenable nessus *
tenable nessus_agent *
CVE-2023-6062

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 2.3 4.0
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

Products Affected

Vendor Product Version
tenable nessus *
CVE-2023-6178

An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 2.3 4.0
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

Products Affected

Vendor Product Version
tenable nessus *
CVE-2024-0955

A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
tenable nessus *
CVE-2024-0971

A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
tenable nessus *
CVE-2024-1367

A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tenable security_center *
CVE-2024-1471

An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
tenable security_center *
CVE-2024-1683

A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L 2.0 4.7

Products Affected

Vendor Product Version
tenable identity_exposure *
CVE-2024-1891

A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 3.5 LOW CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N 2.1 1.4

Products Affected

Vendor Product Version
tenable security_center *
CVE-2024-3232

A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 7.6 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H 1.0 6.0

Products Affected

Vendor Product Version
tenable identity_exposure *
CVE-2024-5759

An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

Products Affected

Vendor Product Version
tenable security_center *
CVE-2025-24916

When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
tenable nessus_network_monitor *
CVE-2025-24917

In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
tenable nessus_network_monitor *
CVE-2025-36630

In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H 2.0 5.8

Products Affected

Vendor Product Version
tenable nessus *
CVE-2025-36631

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H 2.0 5.8

Products Affected

Vendor Product Version
tenable nessus_agent *
CVE-2025-36632

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
tenable nessus_agent *
CVE-2025-36633

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
tenable nessus_agent *
CVE-2026-2026

A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 1.8 4.2

Products Affected

Vendor Product Version
tenable nessus_agent *
CVE-2026-2697

An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
tenable security_center *
CVE-2026-2698

An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnreport@tenable.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
tenable security_center *