4.8.0

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-25	CVE-2021-3449	NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. network high complexity openssl debian freebsd netapp tenable fedoraproject mcafee checkpoint oracle sonicwall siemens nodejs CWE-476	5.9
2021-02-16	CVE-2021-23840	Integer Overflow or Wraparound vulnerability in multiple products Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. network low complexity openssl debian tenable oracle mcafee fujitsu nodejs CWE-190	7.5
2020-12-08	CVE-2020-1971	NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. network high complexity openssl debian fedoraproject oracle netapp tenable siemens nodejs CWE-476	5.9
2020-04-29	CVE-2020-11022	Cross-site Scripting vulnerability in multiple products In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. network low complexity jquery drupal debian fedoraproject oracle netapp opensuse tenable CWE-79	6.1
2020-04-29	CVE-2020-11023	Cross-site Scripting vulnerability in multiple products In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. network low complexity jquery debian fedoraproject drupal oracle netapp tenable CWE-79	6.1
2020-04-21	CVE-2020-1967	NULL Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. network low complexity openssl debian freebsd fedoraproject oracle netapp broadcom opensuse jdedwards tenable CWE-476	7.5
2019-12-06	CVE-2019-1551	Integer Overflow or Wraparound vulnerability in multiple products There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. network low complexity openssl opensuse oracle canonical fedoraproject debian tenable CWE-190	5.3
2017-02-28	CVE-2016-9261	Cross-site Scripting vulnerability in Tenable LOG Correlation Engine 4.8.0 Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. network tenable CWE-79	3.5
2016-06-09	CVE-2016-4448	Use of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. network low complexity hp apple xmlsoft redhat slackware oracle tenable mcafee CWE-134 critical	9.8