Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tenable tenable.sc - vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2020-7060
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to ...
Php Php
Tenable Tenable.sc
Oracle Communications Diameter Signaling Router
Opensuse Leap 15.1
Debian Debian Linux 8.0
7.5
CVSSv3
CVE-2019-11044
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is ...
Php Php 7.4.0
Php Php
Tenable Securitycenter
Fedoraproject Fedora 30
Fedoraproject Fedora 31
5.9
CVSSv3
CVE-2019-11045
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is all...
Php Php 7.4.0
Php Php
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Tenable Securitycenter
5.3
CVSSv3
CVE-2019-11046
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS b...
Php Php 7.4.0
Php Php
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Tenable Securitycenter
1 Github repository
6.5
CVSSv3
CVE-2019-11047
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf...
Php Php 7.4.0
Php Php
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
9.8
CVSSv3
CVE-2019-11049
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locati...
Php Php
Php Php 7.4.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 10.0
Tenable Securitycenter
6.5
CVSSv3
CVE-2019-11050
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf...
Php Php 7.4.0
Php Php
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Fedoraproject Fedora 30
Canonical Ubuntu Linux 14.04
Fedoraproject Fedora 31
Canonical Ubuntu Linux 12.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Tenable Securitycenter
9.8
CVSSv3
CVE-2019-19919
Versions of handlebars before 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an malicious user to execute arbitrary code through crafted payloads.
Handlebars.js Project Handlebars.js 1.0.6
Handlebars.js Project Handlebars.js 1.0.7
Handlebars.js Project Handlebars.js 1.0.8
Handlebars.js Project Handlebars.js 1.0.9
Handlebars.js Project Handlebars.js 1.0.10
Handlebars.js Project Handlebars.js 1.0.11
Handlebars.js Project Handlebars.js 1.0.12
Handlebars.js Project Handlebars.js 1.1.0
Handlebars.js Project Handlebars.js 1.1.1
Handlebars.js Project Handlebars.js 1.1.2
Handlebars.js Project Handlebars.js 1.2.0
Handlebars.js Project Handlebars.js 1.2.1
Handlebars.js Project Handlebars.js 1.3.0
Handlebars.js Project Handlebars.js 2.0.0
Handlebars.js Project Handlebars.js 3.0.0
Handlebars.js Project Handlebars.js 3.0.1
Handlebars.js Project Handlebars.js 3.0.2
Handlebars.js Project Handlebars.js 3.0.3
Handlebars.js Project Handlebars.js 4.0.0
Handlebars.js Project Handlebars.js 4.0.1
Handlebars.js Project Handlebars.js 4.0.2
Handlebars.js Project Handlebars.js 4.0.3
9.8
CVSSv3
CVE-2019-19646
pragma.c in SQLite up to and including 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
Sqlite Sqlite
Siemens Sinec Infrastructure Network Services
Tenable Tenable.sc
Oracle Mysql Workbench
Netapp Cloud Backup -
Netapp Ontap Select Deploy Administration Utility -
5.5
CVSSv3
CVE-2019-19645
alter.c in SQLite up to and including 3.30.1 allows malicious users to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
Sqlite Sqlite
Netapp Cloud Backup -
Netapp Ontap Select Deploy Administration Utility -
Oracle Mysql Workbench
Tenable Tenable.sc
Siemens Sinec Infrastructure Network Services
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »