Vulnerabilities (CVE)

Filtered by vendor Tenable Subscribe
Total 96 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22824 2 Libexpat Project, Tenable 2 Libexpat, Nessus 2022-06-14 7.5 HIGH 9.8 CRITICAL
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2021-45960 4 Debian, Libexpat Project, Netapp and 1 more 7 Debian Linux, Libexpat, Active Iq Unified Manager and 4 more 2022-06-14 9.0 HIGH 8.8 HIGH
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
CVE-2022-22827 2 Libexpat Project, Tenable 2 Libexpat, Nessus 2022-06-14 6.8 MEDIUM 8.8 HIGH
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22823 2 Libexpat Project, Tenable 2 Libexpat, Nessus 2022-06-14 7.5 HIGH 9.8 CRITICAL
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22825 2 Libexpat Project, Tenable 2 Libexpat, Nessus 2022-06-14 6.8 MEDIUM 8.8 HIGH
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-23990 5 Debian, Fedoraproject, Libexpat Project and 2 more 5 Debian Linux, Fedora, Libexpat and 2 more 2022-06-14 7.5 HIGH 9.8 CRITICAL
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVE-2022-22822 2 Libexpat Project, Tenable 2 Libexpat, Nessus 2022-06-14 7.5 HIGH 9.8 CRITICAL
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22826 2 Libexpat Project, Tenable 2 Libexpat, Nessus 2022-06-14 6.8 MEDIUM 8.8 HIGH
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2021-46143 3 Libexpat Project, Netapp, Tenable 5 Libexpat, Clustered Data Ontap, Oncommand Workflow Automation and 2 more 2022-06-14 6.8 MEDIUM 7.8 HIGH
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVE-2022-23852 5 Debian, Libexpat Project, Netapp and 2 more 6 Debian Linux, Libexpat, Clustered Data Ontap and 3 more 2022-06-14 7.5 HIGH 9.8 CRITICAL
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
CVE-2021-34798 7 Apache, Broadcom, Debian and 4 more 14 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 11 more 2022-06-14 5.0 MEDIUM 7.5 HIGH
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2016-4055 3 Momentjs, Oracle, Tenable 3 Moment, Primavera Unifier, Nessus 2022-06-06 7.8 HIGH 6.5 MEDIUM
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
CVE-2021-20077 1 Tenable 1 Nessus Agent 2022-06-05 7.2 HIGH 6.7 MEDIUM
Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.
CVE-2019-19919 2 Handlebars.js Project, Tenable 2 Handlebars.js, Tenable.sc 2022-06-03 7.5 HIGH 9.8 CRITICAL
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.
CVE-2021-44224 5 Apache, Debian, Fedoraproject and 2 more 5 Http Server, Debian Linux, Fedora and 2 more 2022-05-17 6.4 MEDIUM 8.2 HIGH
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
CVE-2021-44790 6 Apache, Debian, Fedoraproject and 3 more 6 Http Server, Debian Linux, Fedora and 3 more 2022-05-17 7.5 HIGH 9.8 CRITICAL
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
CVE-2020-7067 4 Debian, Oracle, Php and 1 more 4 Debian Linux, Communications Diameter Signaling Router, Php and 1 more 2022-05-16 5.0 MEDIUM 7.5 HIGH
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
CVE-2019-8331 4 F5, Getbootstrap, Redhat and 1 more 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more 2022-05-16 4.3 MEDIUM 6.1 MEDIUM
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVE-2020-7061 3 Microsoft, Php, Tenable 3 Windows, Php, Tenable.sc 2022-05-16 6.4 MEDIUM 9.1 CRITICAL
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
CVE-2020-11023 7 Debian, Drupal, Fedoraproject and 4 more 54 Debian Linux, Drupal, Fedora and 51 more 2022-05-12 4.3 MEDIUM 6.1 MEDIUM
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.