Filtered by vendor Tenable Subscriptions
Total 145 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-21371 1 Tenable 1 Jira Cloud 2024-11-21 5 Medium
Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pypi as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run arbitrary commands through the yaml.load() method. This could allow an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file. This is fixed in version 1.1.21 by using yaml.safe_load() instead of yaml.load().
CVE-2021-20135 1 Tenable 1 Nessus 2024-11-21 6.7 Medium
Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus).
CVE-2021-20118 1 Tenable 1 Nessus Agent 2024-11-21 6.7 Medium
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.
CVE-2021-20117 1 Tenable 1 Nessus Agent 2024-11-21 6.7 Medium
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118.
CVE-2021-20106 1 Tenable 1 Nessus 2024-11-21 6.5 Medium
Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
CVE-2021-20100 2 Microsoft, Tenable 2 Windows, Nessus 2024-11-21 6.7 Medium
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099.
CVE-2021-20099 2 Microsoft, Tenable 2 Windows, Nessus 2024-11-21 6.7 Medium
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.
CVE-2021-20079 1 Tenable 1 Nessus 2024-11-21 6.7 Medium
Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
CVE-2021-20077 1 Tenable 1 Nessus Agent 2024-11-21 6.7 Medium
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.
CVE-2021-20076 1 Tenable 1 Tenable.sc 2024-11-21 8.8 High
Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization.
CVE-2020-7070 8 Canonical, Debian, Fedoraproject and 5 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2024-11-21 4.3 Medium
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
CVE-2020-7069 9 Canonical, Debian, Fedoraproject and 6 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-21 5.4 Medium
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
CVE-2020-7068 4 Debian, Php, Redhat and 1 more 5 Debian Linux, Php, Enterprise Linux and 2 more 2024-11-21 4.8 Medium
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
CVE-2020-7067 4 Debian, Oracle, Php and 1 more 4 Debian Linux, Communications Diameter Signaling Router, Php and 1 more 2024-11-21 7.5 High
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
CVE-2020-7066 5 Debian, Opensuse, Php and 2 more 6 Debian Linux, Leap, Php and 3 more 2024-11-21 5.3 Medium
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.
CVE-2020-7065 5 Canonical, Debian, Php and 2 more 6 Ubuntu Linux, Debian Linux, Php and 3 more 2024-11-21 7.4 High
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
CVE-2020-7064 6 Canonical, Debian, Opensuse and 3 more 7 Ubuntu Linux, Debian Linux, Leap and 4 more 2024-11-21 6.5 Medium
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
CVE-2020-7063 5 Debian, Opensuse, Php and 2 more 6 Debian Linux, Leap, Php and 3 more 2024-11-21 5.5 Medium
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
CVE-2020-7061 3 Microsoft, Php, Tenable 3 Windows, Php, Tenable.sc 2024-11-21 6.5 Medium
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
CVE-2020-7060 6 Debian, Opensuse, Oracle and 3 more 7 Debian Linux, Leap, Communications Diameter Signaling Router and 4 more 2024-11-21 6.5 Medium
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.