Multiple vulnerabilities in Tenable.sc



Published: 2021-07-22 | Updated: 2022-07-14
Risk High
Patch available YES
Number of vulnerabilities 47
CVE-ID CVE-2019-19919
CVE-2019-19645
CVE-2020-7067
CVE-2020-7068
CVE-2020-7069
CVE-2020-7070
CVE-2020-7071
CVE-2021-21702
CVE-2021-21704
CVE-2021-21705
CVE-2019-16168
CVE-2019-19646
CVE-2020-7065
CVE-2020-11655
CVE-2020-11656
CVE-2020-13434
CVE-2020-13435
CVE-2020-13630
CVE-2020-13631
CVE-2020-13632
CVE-2020-15358
CVE-2020-11022
CVE-2020-7066
CVE-2020-7064
CVE-2021-23358
CVE-2019-11043
CVE-2017-5661
CVE-2019-8331
CVE-2018-20676
CVE-2018-20677
CVE-2018-14040
CVE-2018-14042
CVE-2016-10735
CVE-2019-11041
CVE-2019-11042
CVE-2019-11044
CVE-2020-7063
CVE-2019-11045
CVE-2019-11046
CVE-2019-11047
CVE-2019-11048
CVE-2019-11049
CVE-2019-11050
CVE-2020-7059
CVE-2020-7060
CVE-2020-7061
CVE-2020-7062
CWE-ID CWE-94
CWE-835
CWE-125
CWE-416
CWE-310
CWE-20
CWE-476
CWE-121
CWE-918
CWE-369
CWE-190
CWE-264
CWE-787
CWE-79
CWE-119
CWE-611
CWE-276
CWE-400
CWE-415
CWE-122
Exploitation vector Network
Public exploit Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #11 is available.
Public exploit code for vulnerability #22 is available.
Vulnerability #26 is being exploited in the wild.
Public exploit code for vulnerability #31 is available.
Public exploit code for vulnerability #32 is available.
Public exploit code for vulnerability #33 is available.
Vulnerable software
Subscribe
Tenable.sc
Server applications / DLP, anti-spam, sniffers

Vendor Tenable Network Security

Security Bulletin

This security bulletin contains information about 47 vulnerabilities.

1) Prototype pollution

EUVDB-ID: #VU55264

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-19919

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Infinite loop

EUVDB-ID: #VU23791

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-19645

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in alter.c that can be triggered via certain types of self-referential views in conjunction with ALTER TABLE statements. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Out-of-bounds read

EUVDB-ID: #VU26979

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-7067

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing untrusted input passed to urldecode() PHP function. A remote attacker can send specially crafted data to the application that uses the affected function and gain access to sensitive information on the system

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Use-after-free

EUVDB-ID: #VU34121

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-7068

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the "phar_parse_zipfile" function. A remote attacker can can cause a denial of service (DoS) condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Cryptographic issues

EUVDB-ID: #VU47253

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-7069

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the openssl_encrypt() function generates a wrong ciphertext and a wrong tag for AES-CCM for a 12 bytes IV. As a result, a 7-byte nonce is used instead of 12 bytes. A remote attacker can abuse such behavior and decrypt data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Input validation error

EUVDB-ID: #VU47252

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-7070

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists in the way PHP parser handles cookies with percent character (e.g. '%'). A remote attacker can send a crafted HTTP request with a `__%48ost-` or `__%53ecure-` cookie that will be processed before other cookies sent in the same request. As a result, an attacker can set malicious `__Host-` cookie on a subdomain and bypass origin restrictions, imposed by browsers.

Successful exploitation of the vulnerability may allow an attacker to perform a spoofing attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Input validation error

EUVDB-ID: #VU49338

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-7071

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of URL performed via the "FILTER_VALIDATE_URL" setting. A remote attacker can use the "@" characters in the URL to bypass implemented filter and force the application to accept arbitrary URL instead of the defined by the option.

Example:

http://evel.website@trusted.website

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) NULL pointer dereference

EUVDB-ID: #VU50403

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-21702

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the SoapClient in PHP. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Stack-based buffer overflow

EUVDB-ID: #VU54566

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-21704

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Multiple boundary errors exists within firebird_info_cb(), firebird_handle_doer(), firebird_stmt_execute(), and firebird_fetch_blob() function. A remote attacker can pass specially crafted input to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU54565

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-21705

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request, bypass the FILTER_VALIDATE_URL and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Division by zero

EUVDB-ID: #VU23188

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-16168

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a division by zero error within the whereLoopAddBtreeIndex in sqlite3.c due to improper input validation in the sqlite_stat1 sz field. A remote attacker can pass specially crafted data to the application, trigger division by zero error and crash the vulnerable application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Input validation error

EUVDB-ID: #VU23792

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-19646

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of NOT NULL in an integrity_check PRAGMA command in pragma.c when generating certain columns. A remote attacker can perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Stack-based buffer overflow

EUVDB-ID: #VU26260

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-7065

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within php_unicode_tolower_full() function, as demonstrated by the mb_strtolower() call. A remote attacker can pass specially crafted data to the application that uses affected function, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Input validation error

EUVDB-ID: #VU27023

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-11655

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when the AggInfo object's initialization is mishandled. A remote attacker can pass specially crafted input via a malformed window-function query to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Use-after-free

EUVDB-ID: #VU27024

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-11656

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the ALTER TABLE implementation. A remote attacker can execute arbitrary code on the target system, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Integer overflow

EUVDB-ID: #VU28227

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-13434

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow within the sqlite3_str_vappendf() function in printf.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and crash the application.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Input validation error

EUVDB-ID: #VU28226

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-13435

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in sqlite3ExprCodeTarget() function in expr.c. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Use-after-free

EUVDB-ID: #VU34077

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-13630

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the fts3EvalNextRow() function in ext/fts3/fts3.c. A remote attacker can pass specially crafted data to application, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU34079

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-13631

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due an error in alter.c and build.c files in SQLite that allows a local user to rename a virtual table into a shadow table. A local user with permissions to create virtual tables can renamed them and gain unauthorized access to the fronted application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) NULL pointer dereference

EUVDB-ID: #VU34080

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-13632

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in ext/fts3/fts3_snippet.c in SQLite. A local user can trigger denial of service conditions via a crafted matchinfo() query.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Out-of-bounds write

EUVDB-ID: #VU30165

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-15358

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) Cross-site scripting

EUVDB-ID: #VU27052

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-11022

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: Yes

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the regex operation in "jQuery.htmlPrefilter". A remote attacker can pass specially crafted data to the application that uses .html()</code>, <code>.append() or similar methods for it and execute arbitrary JavaScript code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Input validation error

EUVDB-ID: #VU26257

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-7066

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to get_headers() PHP function silently truncates headers after receiving a NULL byte character. A remote attacker can abuse this behavior to bypass implemented security restrictions with in the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

24) Out-of-bounds read

EUVDB-ID: #VU26259

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-7064

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within exif_read_data() PHP function. A remote attacker can pass specially crafted data to the application that uses the vulnerable function, trigger one byte out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

25) Code Injection

EUVDB-ID: #VU51945

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-23358

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

26) Buffer overflow

EUVDB-ID: #VU22304

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-11043

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in env_path_info in PHP-FPM when processing untrusted input passed via URL. A remote attacker can send a specially crafted HTTP request to the affected server, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that php-fpm is used with nginx and certain nginx configuration was applied:

  1. The nginx location directive forwards requests to PHP-FPM
  2. The fastcgi_split_path_info directive is present and includes a regular expression beginning with a ‘^’ symbol and ending with a ‘$’ symbol
  3. The fastcgi_param directive is used to assign the PATH_INFO variable
  4. There are no checks in place to determine whether or not a file exists (e.g., using try_files or an if statemen

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

27) Improper Restriction of XML External Entity Reference

EUVDB-ID: #VU6634

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2017-5661

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform an XXE attack.

The vulnerability exists due to insufficient validation of user-supplied data when processing SVG files. A remote attacker can create a specially crafted SVG file, trick the victim into opening it with affected application and gain access to potentially sensitive information.

Successful exploitation of the vulnerability may lead to system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

28) Cross-site scripting

EUVDB-ID: #VU17694

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-8331

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

29) Cross-site scripting

EUVDB-ID: #VU16956

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-20676

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in the tooltip data-viewport attribute due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

30) Cross-site scripting

EUVDB-ID: #VU16542

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-20677

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in the affix configuration target property due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

31) Cross-site scripting

EUVDB-ID: #VU13901

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14040

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in the data-parent attribute of the collapse plugin due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

32) Cross-site scripting

EUVDB-ID: #VU13902

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14042

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in the data-container property of the tooltip plugin due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

33) Cross-site scripting

EUVDB-ID: #VU21707

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-10735

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the "data-target" attribute. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

34) Out-of-bounds read

EUVDB-ID: #VU21218

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-11041

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the exif_read_data() function. A remote attacker can create a specially crafted image file, pass it to the application, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

35) Out-of-bounds read

EUVDB-ID: #VU21217

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-11042

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the exif_read_data() function in PHP EXIF extention. A remote attacker can create a specially crafted image file, pass it to the application, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

36) Input validation error

EUVDB-ID: #VU34943

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-11044

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

37) Incorrect default permissions

EUVDB-ID: #VU25592

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-7063

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions for files and folders that are set during the Phar::buildFromIterator() call when adding files into tar archive. A local user can extract files from tar archive and gain access to otherwise restricted information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

38) Input validation error

EUVDB-ID: #VU33363

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-11045

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

39) Out-of-bounds read

EUVDB-ID: #VU34944

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-11046

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

40) Out-of-bounds read

EUVDB-ID: #VU33364

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-11047

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

41) Resource exhaustion

EUVDB-ID: #VU28318

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-11048

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way PHP handles long filenames or field names during file upload. A remote attacker can supply an overly long filename to the application that will lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This will lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

42) Double Free

EUVDB-ID: #VU55265

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-11049

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within mail() function implementation. A remote attacker can pass specially crafted header in lowercase, trigger double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

43) Use-after-free

EUVDB-ID: #VU33365

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-11050

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

44) Out-of-bounds read

EUVDB-ID: #VU25109

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-7059

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when using the "fgetss()" function to read data with stripping tags. A remote attacker can supply data that will cause this function to read past the allocated buffer, trigger out-of-bounds read error and read contents of memory on the system or crash the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

45) Out-of-bounds read

EUVDB-ID: #VU25110

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-7060

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when using certain "mbstring" functions to convert multibyte encodings. A remote attacker can supply data that will cause function "mbfl_filt_conv_big5_wchar" to read past the allocated buffer, trigger out-of-bounds read error and read contents of memory on the system or crash the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

46) Heap-based buffer overflow

EUVDB-ID: #VU25593

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-7061

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the phar_extract_file() function. A remote attacker can pass specially crafted file to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

47) NULL pointer dereference

EUVDB-ID: #VU25594

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-7062

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in session.c when handling file uploads. A remote attacker can send a specially crafted HTTP POST request to the affected application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Tenable.sc: 5.9.0 - 5.18.0


CPE2.3 External links

http://www.tenable.com/security/tns-2021-14

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###