Category Archives: Advisories

[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.20.0 to 5.21.0: Patch 202206.1

Arnie Cabral
Thu, 06/30/2022 – 11:05

Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (Apache) was found to contain vulnerabilities, and updated versions have been made available by the providers.

Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact of these issues. Tenable.sc Patch 202206.1 updates Apache to version 2.4.54 to address the identified vulnerabilities.

CVE-2013-4146

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2013-4170

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view’s `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (“XSS”). This vulnerability only affects applications that assign or bind user-provided content to `tagName`.
