VUMETRIC
CYBER PORTAL
Vulnerabilities > Tenable > Tenable SC
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-11-29 | CVE-2021-21707 | | In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. | network | low complexity | php, netapp, debian, tenable | | 5.3 |
| 2021-10-26 | CVE-2021-41182 | Cross-site Scripting vulnerability in multiple products | jQuery-UI is the official jQuery user interface library. | network | low complexity | jqueryui, fedoraproject, netapp, debian, drupal, oracle, tenable | CWE-79 | 6.1 |
| 2021-10-26 | CVE-2021-41183 | Cross-site Scripting vulnerability in multiple products | jQuery-UI is the official jQuery user interface library. | network | low complexity | jqueryui, fedoraproject, netapp, debian, drupal, oracle, tenable | CWE-79 | 6.1 |
| 2021-10-26 | CVE-2021-41184 | Cross-site Scripting vulnerability in multiple products | jQuery-UI is the official jQuery user interface library. | network | low complexity | jqueryui, fedoraproject, netapp, drupal, tenable, oracle | CWE-79 | 6.1 |
| 2021-10-05 | CVE-2021-41116 | Command Injection vulnerability in multiple products | Composer is an open source dependency manager for the PHP language. | network | low complexity | getcomposer, tenable | CWE-77 | critical 9.8 |
| 2021-09-16 | CVE-2021-34798 | NULL Pointer Dereference vulnerability in multiple products | Malformed requests may cause the server to dereference a NULL pointer. | network | low complexity | apache, fedoraproject, debian, netapp, tenable, oracle, broadcom, siemens | CWE-476 | 7.5 |
| 2021-09-16 | CVE-2021-40438 | Server-Side Request Forgery (SSRF) vulnerability in multiple products | A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. | network | high complexity | apache, fedoraproject, debian, netapp, broadcom, f5, oracle, siemens, tenable | CWE-918 | critical 9.0 |
| 2021-08-24 | CVE-2021-3711 | Classic Buffer Overflow vulnerability in multiple products | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). | network | low complexity | openssl, debian, netapp, oracle, tenable | CWE-120 | critical 9.8 |
| 2021-08-24 | CVE-2021-3712 | Out-of-bounds Read vulnerability in multiple products | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. | network | high complexity | openssl, debian, netapp, mcafee, tenable, oracle, siemens | CWE-125 | 7.4 |
| 2021-08-16 | CVE-2021-33193 | | A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. | network | low complexity | apache, fedoraproject, tenable, oracle | | 7.5 |