Tenable

Tenable.Sc

46 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2021-21707

Exploit
  • EPSS 0.62%
  • Published 29.11.2021 07:15:06
  • Last modified 21.11.2024 05:48:52

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the ...

6.1

CVE-2021-41184

  • EPSS 22.09%
  • Published 26.10.2021 15:15:10
  • Last modified 21.11.2024 06:25:42

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string v...

6.1

CVE-2021-41183

Exploit
  • EPSS 2.34%
  • Published 26.10.2021 15:15:10
  • Last modified 21.11.2024 06:25:42

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The v...

6.1

CVE-2021-41182

Exploit
  • EPSS 22.27%
  • Published 26.10.2021 15:15:10
  • Last modified 21.11.2024 06:25:41

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any str...

9.8

CVE-2021-41116

  • EPSS 0.72%
  • Published 05.10.2021 18:15:08
  • Last modified 21.11.2024 06:25:30

Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL ar...

9

CVE-2021-40438

Warning
  • EPSS 94.43%
  • Published 16.09.2021 15:15:07
  • Last modified 16.05.2025 15:27:13

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.5

CVE-2021-34798

  • EPSS 11.69%
  • Published 16.09.2021 15:15:07
  • Last modified 21.11.2024 06:11:13

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.4

CVE-2021-3712

Warning
  • EPSS 0.82%
  • Published 24.08.2021 15:15:09
  • Last modified 21.11.2024 06:22:13

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the s...

9.8

CVE-2021-3711

  • EPSS 2.75%
  • Published 24.08.2021 15:15:09
  • Last modified 21.11.2024 06:22:12

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen...

7.5

CVE-2021-33193

Exploit
  • EPSS 0.94%
  • Published 16.08.2021 08:15:11
  • Last modified 01.05.2025 15:40:12

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.