Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tenable vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-5808
In certain scenarios in Tenable.sc before 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.
Tenable Tenable.sc
7.5
CVSSv3
CVE-2020-7067
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
Php Php
Tenable Tenable.sc
Oracle Communications Diameter Signaling Router
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
7.5
CVSSv3
CVE-2020-1967
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or u...
Openssl Openssl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Freebsd Freebsd 12.1
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Jd Edwards World Security A9.4
Oracle Enterprise Manager Ops Center 12.4.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Mysql
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Mysql Enterprise Monitor
Oracle Mysql Workbench
Oracle Http Server 12.2.1.4.0
Oracle Enterprise Manager For Storage Management 13.3.0.0
Oracle Mysql Connectors
Oracle Enterprise Manager For Storage Management 13.4.0.0
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Application Server 12.1.3
7 Github repositories
1 Article
7.5
CVSSv3
CVE-2020-11655
SQLite up to and including 3.31.1 allows malicious users to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
Sqlite Sqlite
Netapp Ontap Select Deploy Administration Utility -
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Oracle Communications Element Manager
Oracle Communications Network Charging And Control 6.0.1
Oracle Communications Network Charging And Control
Oracle Communications Network Charging And Control 12.0.2
Oracle Communications Session Report Manager
Oracle Communications Session Route Manager
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Hyperion Infrastructure Technology 11.1.2.4
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Mysql
Oracle Mysql Workbench
Oracle Outside In Technology 8.5.4
7.5
CVSSv3
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to cle...
Php Php
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
7.5
CVSSv3
CVE-2019-11044
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is ...
Php Php 7.4.0
Php Php
Tenable Securitycenter
Fedoraproject Fedora 30
Fedoraproject Fedora 31
7.5
CVSSv3
CVE-2019-15903
In libexpat prior to 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Libexpat Project Libexpat
Python Python
7.5
CVSSv3
CVE-2018-20843
In libexpat in Expat prior to 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
Libexpat Project Libexpat
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.0
Opensuse Leap 15.1
Oracle Http Server 12.1.3.0
Oracle Outside In Technology 8.5.4
Oracle Outside In Technology 8.5.5
Oracle Http Server 12.2.1.4.0
Oracle Hospitality Res 3700
Tenable Nessus
7.5
CVSSv3
CVE-2019-9637
An issue exists in PHP prior to 7.1.27, 7.2.x prior to 7.2.16, and 7.3.x prior to 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauth...
Php Php
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 12.04
Opensuse Leap 42.3
Netapp Storage Automation Store -
7.5
CVSSv3
CVE-2019-9022
An issue exists in PHP 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This ...
Php Php
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Netapp Storage Automation Store -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »