Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tenable\.sc
(Tenable)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 46 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-02-27 | CVE-2020-7063 | In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. | Debian_linux, Leap, Php, Tenable\.sc | 5.3 | ||
2020-04-01 | CVE-2020-7066 | In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. | Debian_linux, Leap, Php, Tenable\.sc | 4.3 | ||
2019-12-09 | CVE-2019-19645 | alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | Cloud_backup, Ontap_select_deploy_administration_utility, Mysql_workbench, Sinec_infrastructure_network_services, Sqlite, Tenable\.sc | 5.5 | ||
2019-12-09 | CVE-2019-19646 | pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. | Cloud_backup, Ontap_select_deploy_administration_utility, Mysql_workbench, Sinec_infrastructure_network_services, Sqlite, Tenable\.sc | 9.8 | ||
2020-04-09 | CVE-2020-11655 | SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | Ubuntu_linux, Debian_linux, Ontap_select_deploy_administration_utility, Communications_element_manager, Communications_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Mysql, Mysql_workbench, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite, Tenable\.sc | 7.5 | ||
2020-04-09 | CVE-2020-11656 | In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | Ontap_select_deploy_administration_utility, Communications_messaging_server, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql, Mysql_workbench, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite, Tenable\.sc | 9.8 | ||
2020-04-01 | CVE-2020-7065 | In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. | Ubuntu_linux, Debian_linux, Php, Tenable\.sc | 8.8 | ||
2020-12-21 | CVE-2020-5808 | In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration. | Tenable\.sc | 7.5 | ||
2021-03-03 | CVE-2021-20076 | Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization. | Tenable\.sc | 8.8 | ||
2020-04-17 | CVE-2020-5737 | Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue. | Tenable\.sc | N/A |