Tenable

Log Correlation Engine

9 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2021-3449

  • EPSS 13.18%
  • Published 25.03.2021 15:15:13
  • Last modified 21.11.2024 06:21:33

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...

7.5

CVE-2021-23840

  • EPSS 0.57%
  • Published 16.02.2021 17:15:13
  • Last modified 21.11.2024 05:51:55

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value ...

5.9

CVE-2020-1971

  • EPSS 0.34%
  • Published 08.12.2020 16:15:11
  • Last modified 21.11.2024 05:11:45

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...

6.1

CVE-2020-11022

Exploit
  • EPSS 22.55%
  • Published 29.04.2020 22:15:11
  • Last modified 21.11.2024 04:56:36

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob...

6.1

CVE-2020-11023

Warning Exploit
  • EPSS 21.32%
  • Published 29.04.2020 21:15:11
  • Last modified 24.01.2025 02:00:02

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex...

7.5

CVE-2020-1967

Exploit
  • EPSS 66.69%
  • Published 21.04.2020 14:15:11
  • Last modified 21.11.2024 05:11:45

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occur...

5.3

CVE-2019-1551

  • EPSS 4.53%
  • Published 06.12.2019 18:15:12
  • Last modified 21.11.2024 04:36:48

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this d...

5.4

CVE-2016-9261

  • EPSS 0.19%
  • Published 28.02.2017 18:59:00
  • Last modified 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

10

CVE-2016-4448

  • EPSS 1.2%
  • Published 09.06.2016 16:59:06
  • Last modified 12.04.2025 10:46:40

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.