tenable securitycenter - vulnerabilities and exploits
1.9
CVSSv2
CVE-2018-10545
An issue exists in PHP prior to 5.6.35, 7.0.x prior to 7.0.29, 7.1.x prior to 7.1.16, and 7.2.x prior to 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environmen...
Php Php
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Netapp Storage Automation Store -
4.3
CVSSv2
CVE-2018-10547
An issue exists in ext/phar/phar_object.c in PHP prior to 5.6.36, 7.0.x prior to 7.0.30, 7.1.x prior to 7.1.17, and 7.2.x prior to 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists bec...
Php Php
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Netapp Storage Automation Store -
5
CVSSv2
CVE-2018-10548
An issue exists in PHP prior to 5.6.36, 7.0.x prior to 7.0.30, 7.1.x prior to 7.1.17, and 7.2.x prior to 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn retur...
Php Php
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Netapp Storage Automation Store -
7.5
CVSSv2
CVE-2014-0107
The TransformerFactory in Apache Xalan-Java prior to 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote malicious users to bypass expected restrictions and load arbitrary classes or access external resource...
Apache Xalan-java 2.6.0
Apache Xalan-java
Apache Xalan-java 2.0.1
Apache Xalan-java 2.0.0
Apache Xalan-java 2.5.1
Apache Xalan-java 2.5.0
Apache Xalan-java 2.4.1
Apache Xalan-java 2.1.0
Apache Xalan-java 2.7.0
Apache Xalan-java 2.5.2
Apache Xalan-java 2.2.0
Apache Xalan-java 2.4.0
Apache Xalan-java 1.0.0
Oracle Webcenter Sites 11.1.1.8.0
Oracle Webcenter Sites 7.6.2
NA
CVE-2015-4149
SecurityCenter contains multiple flaws that may allow an authenticated user to execute remote commands on the device. The issue is due to four separate pages not fully sanitizing user-supplied files during upload functions, allowing for the injection of operating system commands....
NA
CVE-2015-4150
SecurityCenter contains multiple flaws that may allow an authenticated user to execute remote commands on the device. The issue is due to four separate pages not fully sanitizing user-supplied files during upload functions, allowing for the injection of operating system commands....
NA
CVE-2015-8503
SecurityCenter contains a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the application does not ensure that uploaded .audit files are validated before being rendered on the scan results page. This may allow a remote authenticated attacker ...
NA
CVE-2015-83832016
PHP bundles the Perl-Compatible Regular Expressions (PCRE) library for RegExp parsing, which SecurityCenter implements. PHP 5.6.18 was released, fixing a variety of issues in the bundled PCRE library, including: CVE-2015-8383 - PCRE RegExp Repeated Conditional Group Handli...
6.5
CVSSv2
CVE-2016-1000104
A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
Apache Mod Fcgid
Opensuse Leap 42.1
Opensuse Opensuse 13.2
NA
CVE-2016-82008
SecurityCenter 5.2.0 was found vulnerable to three cross-site scripting issues. If exploited, a victim could be tricked into executing attacker-controlled JavaScript that runs in their own context, potentially leading to authentication credential disclosure or other attacks. ...