Vulnerabilities > Tenable > Tenable SC > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-20 | CVE-2021-44790 | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). | 9.8 |
2021-10-05 | CVE-2021-41116 | Command Injection vulnerability in multiple products Composer is an open source dependency manager for the PHP language. | 9.8 |
2021-09-16 | CVE-2021-40438 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. | 9.0 |
2021-08-24 | CVE-2021-3711 | Classic Buffer Overflow vulnerability in multiple products In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). | 9.8 |
2020-04-09 | CVE-2020-11656 | Use After Free vulnerability in multiple products In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | 9.8 |
2020-02-27 | CVE-2020-7061 | Out-of-bounds Read vulnerability in multiple products In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. | 9.1 |
2020-02-10 | CVE-2020-7059 | Out-of-bounds Read vulnerability in multiple products When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. | 9.1 |
2020-02-10 | CVE-2020-7060 | Out-of-bounds Read vulnerability in multiple products When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. | 9.1 |
2019-12-20 | CVE-2019-19919 | Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. | 9.8 |
2019-12-09 | CVE-2019-19646 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. | 9.8 |