Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

tenable log correlation engine vulnerabilities and exploits

(subscribe to this query)
3.5
CVSSv2
CVE-2016-9261
Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) prior to 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Tenable Log Correlation Engine
5
CVSSv2
CVE-2019-1551
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult ...
Openssl OpensslOpensuse Leap 15.1Oracle Peoplesoft Enterprise Peopletools 8.56Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Mysql Enterprise MonitorOracle Enterprise Manager Ops Center 12.4.0.0Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 19.10Fedoraproject Fedora 30Fedoraproject Fedora 31Fedoraproject Fedora 32Debian Debian Linux 9.0Debian Debian Linux 10.0Tenable Log Correlation Engine
5
CVSSv2
CVE-2021-23840
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be...
Openssl OpensslDebian Debian Linux 10.0Tenable Nessus Network Monitor 5.11.1Tenable Nessus Network Monitor 5.12.0Tenable Nessus Network Monitor 5.12.1Tenable Nessus Network Monitor 5.13.0Tenable Nessus Network Monitor 5.11.0Tenable Log Correlation EngineOracle Business Intelligence 12.2.1.3.0Oracle Jd Edwards World Security A9.4Oracle Business Intelligence 12.2.1.4.0Oracle Business Intelligence 5.5.0.0.0Oracle Enterprise Manager For Storage Management 13.4.0.0Oracle Enterprise Manager Ops Center 12.4.0.0Oracle Graalvm 20.3.1.2Oracle Graalvm 21.0.0.2Oracle Graalvm 19.3.5Oracle Mysql ServerOracle Nosql DatabaseOracle Jd Edwards Enterpriseone ToolsOracle Business Intelligence 5.9.0.0.0Oracle Communications Cloud Native Core Policy 1.15.0
5
CVSSv2
CVE-2020-1967
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or u...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Freebsd Freebsd 12.1Fedoraproject Fedora 30Fedoraproject Fedora 31Fedoraproject Fedora 32Oracle Peoplesoft Enterprise Peopletools 8.56Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Jd Edwards World Security A9.4Oracle Enterprise Manager Ops Center 12.4.0Oracle Peoplesoft Enterprise Peopletools 8.58Oracle MysqlOracle Enterprise Manager Base Platform 13.4.0.0Oracle Mysql Enterprise MonitorOracle Mysql WorkbenchOracle Http Server 12.2.1.4.0Oracle Enterprise Manager For Storage Management 13.3.0.0Oracle Mysql ConnectorsOracle Enterprise Manager For Storage Management 13.4.0.0Oracle Peoplesoft Enterprise Peopletools 8.59Oracle Application Server 12.1.3
4.3
CVSSv2
CVE-2020-1971
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This functi...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Fedoraproject Fedora 32Fedoraproject Fedora 33Oracle Api Gateway 11.1.2.4.0Oracle Peoplesoft Enterprise Peopletools 8.56Oracle Business Intelligence 12.2.1.3.0Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Jd Edwards World Security A9.4Oracle Business Intelligence 12.2.1.4.0Oracle Enterprise Manager Base Platform 13.3.0.0Oracle Business Intelligence 5.5.0.0.0Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Enterprise Manager Base Platform 13.4.0.0Oracle Http Server 12.2.1.4.0Oracle Enterprise Manager For Storage Management 13.4.0.0Oracle Enterprise Manager Ops Center 12.4.0.0Oracle MysqlOracle Graalvm 19.3.4Oracle Graalvm 20.3.0Oracle Essbase 21.2
4.3
CVSSv2
CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and prior to 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted c...
Jquery JqueryDebian Debian Linux 9.0Fedoraproject Fedora 31Fedoraproject Fedora 32Fedoraproject Fedora 33Drupal DrupalOracle Weblogic Server 12.1.3.0.0Oracle Hyperion Financial Reporting 11.1.2.4Oracle Weblogic Server 12.2.1.3.0Oracle Webcenter Sites 12.2.1.3.0Oracle Application Testing Suite 13.3.0.1Oracle Communications Operations Monitor 3.4Oracle Weblogic Server 12.2.1.4.0Oracle Webcenter Sites 12.2.1.4.0Oracle Weblogic Server 14.1.1.0.0Oracle Communications Interactive Session RecorderOracle Communications Element Manager 8.2.0Oracle Communications Element Manager 8.2.1Oracle Communications Element Manager 8.1.1Oracle Application ExpressOracle Rest Data Services 12.2.0.1Oracle Rest Data Services 12.1.0.2
4.3
CVSSv2
CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_ce...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Freebsd Freebsd 12.2Netapp Santricity Smi-s Provider -Netapp Snapcenter -Netapp Oncommand Workflow Automation -Netapp Storagegrid -Netapp Oncommand Insight -Netapp Ontap Select Deploy Administration Utility -Netapp Active Iq Unified Manager -Netapp Cloud Volumes Ontap Mediator -Netapp E-series Performance Analyzer -Tenable Tenable.scTenable NessusTenable Nessus Network Monitor 5.11.1Tenable Nessus Network Monitor 5.12.0Tenable Nessus Network Monitor 5.12.1Tenable Nessus Network Monitor 5.13.0Tenable Nessus Network Monitor 5.11.0Tenable Log Correlation EngineFedoraproject Fedora 34
6.4
CVSSv2
CVE-2016-2176
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL prior to 1.0.1t and 1.0.2 prior to 1.0.2h allows remote malicious users to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
Openssl Openssl 1.0.2aOpenssl Openssl 1.0.2eOpenssl Openssl 1.0.2bOpenssl Openssl 1.0.2gOpenssl Openssl 1.0.2cOpenssl Openssl 1.0.2Openssl OpensslOpenssl Openssl 1.0.2fOpenssl Openssl 1.0.2d
4.3
CVSSv2
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and prior to 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuer...
Jquery JqueryDrupal DrupalDebian Debian Linux 9.0Fedoraproject Fedora 31Fedoraproject Fedora 32Fedoraproject Fedora 33Oracle Weblogic Server 12.1.3.0.0Oracle Jdeveloper 11.1.1.9.0Oracle Retail Back Office 14.1Oracle Retail Back Office 14.0Oracle Peoplesoft Enterprise Peopletools 8.56Oracle Weblogic Server 10.3.6.0.0Oracle Communications Webrtc Session Controller 7.2Oracle Weblogic Server 12.2.1.3.0Oracle Agile Product Lifecycle Management For Process 6.2.0.0Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Application Testing Suite 13.3.0.1Oracle Retail Returns Management 14.0Oracle Retail Returns Management 14.1Oracle Jdeveloper 12.2.1.3.0Oracle Policy Automation Connector For Siebel 10.4.6Oracle Financial Services Market Risk Measurement And Management 8.0.6
4.3
CVSSv2
CVE-2015-8861
The handlebars package prior to 4.0.0 for Node.js allows remote malicious users to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
Handlebars.js Project Handlebars.js
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook