Vulnerabilities > Tenable > Tenable SC > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-12-20 CVE-2021-44790 A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).
network
low complexity
apache fedoraproject debian tenable netapp oracle apple
critical
9.8
2021-10-05 CVE-2021-41116 Command Injection vulnerability in multiple products
Composer is an open source dependency manager for the PHP language.
network
low complexity
getcomposer tenable CWE-77
critical
9.8
2021-09-16 CVE-2021-40438 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
9.0
2021-08-24 CVE-2021-3711 Classic Buffer Overflow vulnerability in multiple products
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().
network
low complexity
openssl debian netapp oracle tenable CWE-120
critical
9.8
2020-04-09 CVE-2020-11656 Use After Free vulnerability in multiple products
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
network
low complexity
sqlite netapp oracle siemens tenable CWE-416
critical
9.8
2020-02-27 CVE-2020-7061 Out-of-bounds Read vulnerability in multiple products
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer.
network
low complexity
php tenable CWE-125
critical
9.1
2020-02-10 CVE-2020-7059 Out-of-bounds Read vulnerability in multiple products
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer.
network
low complexity
php tenable oracle opensuse debian CWE-125
critical
9.1
2020-02-10 CVE-2020-7060 Out-of-bounds Read vulnerability in multiple products
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer.
network
low complexity
php tenable oracle opensuse debian CWE-125
critical
9.1
2019-12-20 CVE-2019-19919 Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution.
network
low complexity
handlebars-js-project tenable
critical
9.8
2019-12-09 CVE-2019-19646 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
network
low complexity
sqlite siemens tenable oracle netapp CWE-754
critical
9.8