
Tenable Research Advisories

This page contains information regarding security vulnerabilities in third-party software discovered by a dedicated team supported by researchers and engineers at Tenable. Tenable believes in coordinated disclosure, working with vendors to better protect our customers. Please refer to our Vulnerability Disclosure Policy for additional details.

For issues that impact Tenable products, please visit the Tenable Product Security Advisories. For more details on submitting vulnerability information for Tenable products, please see our Vulnerability Reporting Guidelines page.

Find a vulnerability in a Tenable product?

Please report it here

| Date | Advisory ID | Name | Severity |
|---|---|---|---|
| June 15, 2018 | TRA-2018-18 | [R1] Burp Suite Community Edition Improper Certificate Validation | Medium |
| June 14, 2018 | TRA-2018-17 | [R1] libturbo-jpeg Denial of Service | Medium |
| June 12, 2018 | TRA-2018-16 | [R1] GlassFish 4.x Denial of Service | High |
| June 11, 2018 | TRA-2018-15 | [R1] HPE Moonshot Provisioning Manager Arbitrary File Move | High |
| June 11, 2018 | TRA-2018-14 | [R1] Western Digital TV Media Player and Live Hub Unauthenticated RCE | Critical |
| June 8, 2018 | TRA-2018-13 | [R2] IBM Netezza Appliance Local Privilege Escalation | High |
| May 4, 2018 | TRA-2018-12 | [R1] Cylance PROTECT Missing SSL Certificate Verification | Medium |
| May 4, 2018 | TRA-2018-11 | [R1] Cisco Prime Data Center Network Manager Remote Code Execution | Critical |
| May 4, 2018 | TRA-2018-10 | [R1] Trend Micro Smart Protection Server Denial of Service | High |
| May 4, 2018 | TRA-2018-09 | [R1] OpenVPN Windows Service Double Free | High |
| April 12, 2018 | TRA-2018-08 | [R1] Belkin N750 F9K1103 v1 Multiple Vulnerabilities | Critical |
| April 6, 2018 | TRA-2018-07 | [R3] Schneider Electric InduSoft Web Studio and InTouch Machine Edition Remote Code Execution | Critical |
| March 28, 2018 | TRA-2018-06 | [R1] Cisco IOS and IOS XE Multiple Memory Corruption Vulnerabilities | High |
| February 26, 2018 | TRA-2018-05 | [R1] Micro Focus Operations Orchestrations Information Disclosure and Remote Denial of Service | High |
| February 26, 2018 | TRA-2018-04 | [R3] Check Point Gaia OS Privilege Escalation | Medium |
| February 15, 2018 | TRA-2018-03 | [R2] EMC VASA Virtual Appliance Default Creds and Arbitrary File Upload | Critical |
| January 29, 2018 | TRA-2018-02 | [R1] NetGain Enterprise Manager Multiple Remote Vulnerabilities | High |
| January 29, 2018 | TRA-2018-01 | [R1] HPE Intelligent Management Center (iMC) PLAT Java RMI RCE | High |
| November 21, 2017 | TRA-2017-37 | [R1] gSOAP HTTP DIME Parsing Denial of Service | Medium |
| November 21, 2017 | TRA-2017-36 | [R1] Firebird fbudf Module Authenticated Remote Code Execution | Critical |
| November 20, 2017 | TRA-2017-35 | [R2] Verizon Fios Quantum Gateway G1100 Remote Information Disclosure | Medium |
| November 20, 2017 | TRA-2017-34 | [R1] Siemens SIMATIC Logon Denial of Service | Medium |
| November 10, 2017 | TRA-2017-33 | [R1] Wanscam Network Camera Multiple Vulnerabilities | Medium |
| November 9, 2017 | TRA-2017-32 | [R1] HPE Universal Configuration Management Database Multiple Vulnerabilities | Critical |
| November 8, 2017 | TRA-2017-31 | [R1] ManageEngine ServiceDesk Multiple Vulnerabilities | High |
| November 7, 2017 | TRA-2017-30 | [R1] HPE System Management Homepage Remote Denial of Service | High |
| November 7, 2017 | TRA-2017-29 | [R1] Advantech WebAccess SQL Injection | Critical |
| November 7, 2017 | TRA-2017-28 | [R1] HPE Operations Orchestration Central Remoting Java Deserialization Remote Code Execution | High |
| November 7, 2017 | TRA-2017-27 | [R1] HPE Intelligent Management Center SOM Module Remote File Disclosure | Medium |
| November 6, 2017 | TRA-2017-26 | [R1] HP Data Protector Multiple Remote Vulnerabilities | High |
| November 6, 2017 | TRA-2017-25 | [R2] HPE Operations Orchestration Incomplete Fix for CVE-2016-8519 | High |
| November 6, 2017 | TRA-2017-24 | [R1] Ecava IntegraXor SQL Injection Remote Code Execution | High |
| November 3, 2017 | TRA-2017-23 | [R1] Cisco Security Manager and Prime LMS Java Deserialization Remote Code Execution | Critical |
| November 2, 2017 | TRA-2017-22 | [R1] ReadyMedia HTTP Request Denial of Service | High |
| November 2, 2017 | TRA-2017-21 | [R1] Check_MK Multisite Web UI Reflected XSS | Medium |
| November 2, 2017 | TRA-2017-20 | [R2] Check_MK Multisite Web UI Stored and Reflected XSS | Medium |
| May 2, 2017 | TRA-2017-19 | [R1] Kaa IoT Platform SdkServlet / RecordServlet Java Object Deserialization Remote Code Execution | High |
| April 26, 2017 | TRA-2017-18 | [R1] HP Intelligent Management Center (iMC) Platform euplat RMI Registry Java Deserialization Remote Code Execution | Critical |
| April 19, 2017 | TRA-2017-17 | [R1] ManageEngine ServiceDesk Plus AuthError.jsp ErrorMsg Parameter Reflected XSS | Medium |
| April 18, 2017 | TRA-2017-16 | [R1] Oracle WebLogic Server Web Container Subcomponent Reflected PartItem File Manipulation Remote Code Execution | Critical |
| March 30, 2017 | TRA-2017-15 | [R2] NetIQ Sentinel Multiple Remote Vulnerabilities | High |
| March 25, 2017 | TRA-2017-14 | [R1] Cisco Unified Customer Voice Portal Java Deserialization Remote Code Execution | Critical |
| March 18, 2017 | TRA-2017-13 | [R1] HPE LoadRunner libxdrutil.dll mxdr_string() Function XDR String Handling Remote Heap Buffer Overflow | Critical |
| March 16, 2017 | TRA-2017-12 | [R1] HP Intelligent Management Center (iMC) Platform /imc/fault/accessMgrServlet Java Deserialization Remote Code Execution | Critical |
| March 15, 2017 | TRA-2017-11 | [R1] Sophos XG Firewall login.jsp utype Parameter Reflected XSS | Medium |
| March 13, 2017 | TRA-2017-10 | [R1] Debian MediaTomb (fork) Multiple Remote Vulnerabilities | Critical |
| February 1, 2017 | TRA-2017-09 | [R2] HP Intelligent Management Center (iMC) Platform /rptviewer/servlets/redirectviewer Multiple Remote Issues | High |
| January 26, 2017 | TRA-2017-08 | [R1] Portable SDK for UPnP Devices (libupnp) glibc Implementation getaddrinfo() Function Remote Stack Overflow | Critical |
| January 25, 2017 | TRA-2017-07 | [R1] Oracle WebLogic RMI Registry UnicastRef Object Java Deserialization Remote Code Execution | Critical |
| January 23, 2017 | TRA-2017-06 | [R1] ManageEngine ADAudit Plus Multiple Vulnerabilities | High |
| January 20, 2017 | TRA-2017-05 | [R1] HP Operations Orchestration (HP OO) /oo/backwards-compatibility/wsExecutionBridgeService Java Deserialization Remote Code Execution | Critical |
| January 19, 2017 | TRA-2017-04 | [R1] Advantech WebAccess Multiple Vulnerabilities | High |
| January 18, 2017 | TRA-2017-03 | [R2] Oracle Outside In Content Access vspdf.dll Multiple Remote DoS | Medium |
| January 11, 2017 | TRA-2017-02 | [R2] Sophos Web Protection Appliance ftp_redirect.php s Parameter Reflected XSS | Medium |
| January 9, 2017 | TRA-2017-01 | [R1] Liferay CE Portal /api/liferay Java Deserialization Blacklist Bypass Remote Code Execution | Critical |
| December 11, 2016 | TRA-2016-39 | [R1] Hewlett Packard Network Automation RPCServlet Arbitrary Code Execution | High |
| December 5, 2016 | TRA-2016-38 | [R1] Cisco Prime Collaboration Provisioning Restricted CLI Bypass Local Privilege Escalation | Medium |
| November 29, 2016 | TRA-2016-37 | [R2] Dell SonicWALL /appliance/license.jsp Serial Number Disclosure Remote Privilege Escalation | Medium |
| November 28, 2016 | TRA-2016-36 | [R1] ManageEngine OpManager NMS Server Multiple Vulnerabilities | Critical |
| November 25, 2016 | TRA-2016-35 | [R1] WISE Server Commons Collection / FileUpload Java Deserialization Remote Command Execution | Critical |
| November 16, 2016 | TRA-2016-34 | [R1] VMWare vRealize Operations Manager Appliance Multiple Vulnerabilities Chained Remote Code Execution | High |
| November 1, 2016 | TRA-2016-33 | [R1] Oracle WebLogic Server Commons DiskFileItem Remote File Manipulation | Critical |
| October 29, 2016 | TRA-2016-32 | [R1] HP System Management Homepage (SMH) Multiple Remote Stack Buffer Overflows | High |
| October 21, 2016 | TRA-2016-31 | [R1] ManageEngine ADAudit Plus Obfuscated Cookie Password Disclosure | Low |
| October 17, 2016 | TRA-2016-30 | [R1] Novell NetIQ Sentinel Commons DiskFileItem RMI Java Deserialization Remote File Creation / Manipulation | Critical |
| October 6, 2016 | TRA-2016-29 | [R2] Citrix License Server / Flexera FlexNet Publisher lmadmin.exe 2F Packet Handling Remote DoS | Medium |
| September 26, 2016 | TRA-2016-28 | [R2] CloudView NMS Multiple Remote Vulnerabilities | High |
| September 22, 2016 | TRA-2016-27 | [R1] Hewlett Packard Network Automation RMI Registry Port Java Deserialization Remote Code Execution | Critical |
| September 21, 2016 | TRA-2016-26 | [R1] HP LoadRunner Multiple Remote DoS | High |
| September 14, 2016 | TRA-2016-25 | [R1] Red5 Server RMI Registry /red5 Java Deserialization Remote Code Execution | Critical |
| August 18, 2016 | TRA-2016-24 | [R1] PowerFolder Multiple Remote Vulnerabilities | Critical |
| August 12, 2016 | TRA-2016-23 | [R4] Apache Wicket DiskFileItem Java Deserialization Remote File Manipulation | Medium |
| July 20, 2016 | TRA-2016-22 | [R2] Red Hat JBoss Operations Network /jboss-remoting-servlet-invoker/ServerInvokerServlet Jython Deserialization Remote Code Execution | Critical |
| July 19, 2016 | TRA-2016-21 | [R1] Oracle WebLogic Server weblogic.corba.utils.MarshallObject Java Deserialization Remote Code Execution | Critical |
| July 8, 2016 | TRA-2016-20 | [R2] Pivotal Spring Framework HttpInvokerServiceExporter readRemoteInvocation Method Untrusted Java Deserialization | Critical |
| June 28, 2016 | TRA-2016-19 | [R1] Palo Alto Networks PAN-OS /api Multiple Parameter Handling Remote DoS | Medium |
| June 27, 2016 | TRA-2016-18 | [R1] IBM iAccess for Windows i Navigator Encoded Windows Admin Password Local Disclosure | Low |
| June 13, 2016 | TRA-2016-17 | [R2] HP Loadrunner / HP Performance Center Virtual Table Server (VTS) \web\admin\data.js Remote File Deletion | High |
| June 13, 2016 | TRA-2016-16 | [R2] HP LoadRunner mchan.dll Shared Memory Object Name Construction Remote Stack Buffer Overflow | High |
| May 17, 2016 | TRA-2016-15 | [R1] Ipswitch WhatsUp Gold WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | Medium |
| May 5, 2016 | TRA-2016-14 | [R1] HP System Management Homepage (SMH) mod_smh_config.so AddCertsToTrustCfgList() Function X.509 Certificate Subject Common Name Handling Remote DoS | Low |
| May 3, 2016 | TRA-2016-13 | [R1] Core FTP Server Path Traversal Arbitrary File/Directory Access | Medium |
| April 20, 2016 | TRA-2016-12 | [R3] Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution (LOBSTER) | Critical |
| April 20, 2016 | TRA-2016-11 | [R1] Oracle MySQL Enterprise Monitor Multiple Library readObject() Function Java Object Deserialization Remote Code Execution | High |
| April 19, 2016 | TRA-2016-10 | [R2] ManageEngine OpManager / Service Desk Multiple Vulnerabilities | High |
| April 19, 2016 | TRA-2016-09 | [R1] Oracle WebLogic ClassFilter.class ServerChannelInputStream Bypass Java Deserialization Remote Code Execution | Critical |
| April 15, 2016 | TRA-2016-08 | [R1] Cisco Unified Computing System - Multiple Vulnerabilities | Medium |
| April 13, 2016 | TRA-2016-07 | [R1] Microsoft Windows 10 lsass.exe Empty SID Lookup Handling Remote DoS | Medium |
| April 5, 2016 | TRA-2016-06 | [R1] Cisco Multiple Routers Fragmented IKEv2 Packet Handling Remote Integer Overflow | High |
| March 29, 2016 | TRA-2016-05 | [R1] Barco ClickShare Multiple Script Remote Command Execution | High |
| March 28, 2016 | TRA-2016-04 | [R2] Cisco IOS Smart Install Client Feature Config / Boot Image File List Upload Remote Code Execution | High |
| March 24, 2016 | TRA-2016-03 | [R1] Microsoft Windows DNS Server dns.exe answerIQuery() Function Remote Buffer Overflow | Medium |
| March 14, 2016 | TRA-2016-02 | [R1] HP Operations Manager i flex-messaging-core.jar XML External Entity (XXE) Injection Remote Information Disclosure | Medium |
| February 17, 2016 | TRA-2016-01 | [R1] ManageEngine AssetExplorer /workorder/FileDownload.jsp fName Parameter Traversal Remote File Disclosure | Medium |
| December 14, 2015 | TRA-2015-07 | [R1] ManageEngine Desktop Central /statusUpdate fileName Parameter Traversal Multiple Extension File Upload Remote Code Execution | Critical |
| November 30, 2015 | TRA-2014-04 | [R1] NetMotion Mobility VPN nmdrv.sys TCP Connection Termination Handling Remote DoS | High |
| November 30, 2015 | TRA-2015-06 | [R1] HP Client Automation / Accelerite Endpoint Management Core Server HPCA Management Agent (nvdkit.exe) Cleartext Credentials MiTM Disclosure | Low |
| November 24, 2015 | TRA-2015-05 | [R1] FreeSWITCH parse_string() Function Multiple Vector Remote Heap Buffer Overflow | Critical |
| October 21, 2015 | TRA-2015-04 | [R1] NTP Autokey Functionality Multiple Remote DoS | High |
| October 15, 2015 | TRA-2015-03 | [R1] 3S CODESYS PLCWinNT Runtime Service NULL Pointer Dereference Remote DoS | High |
| September 15, 2015 | TRA-2015-02 | [R2] Palo Alto Networks Panorama VM Appliance PAN-OS Firmware Signature Verification Bypass Arbitrary Code Execution | High |
| August 24, 2015 | TRA-2015-01 | [R1] Microsoft Windows SMB v1 Service Principal Name Handling Remote Buffer Overflow | High |
| May 14, 2014 | TRA-2014-01 | Juniper Junos Space MySQL Server Unspecified Hardcoded Credentials | High |
| February 28, 2014 | TRA-2014-02 | Novell ZENworks Configuration Management (ZCM) PreBoot Service (novell-pbserv.exe) Remote Path Traversal File Access | High |
| January 30, 2014 | TRA-2014-03 | 3S CoDeSys Runtime Toolkit Unspecified NULL Pointer Dereference Remote DoS | High |
| November 12, 2013 | TRA-2013-08 | Adobe ColdFusion CFIDE Directory Unspecified Reflected XSS | Medium |
| September 3, 2013 | TRA-2013-07 | [R1] Cisco Prime Network Control System (NCS) / Wireless Control System (WCS) login.jsp requestUrl Parameter Reflected XSS | Medium |
| July 24, 2013 | TRA-2013-05 | HP LoadRunner magentproc.exe SSL Connection Handling Buffer Overflow Remote Code Execution | High |
| July 24, 2013 | TRA-2013-06 | HP LoadRunner XDR-encoded Data Handling Remote Buffer Overflow | High |
| May 22, 2013 | TRA-2013-10 | 3S CoDeSys Gateway Unspecified Use-after-free Arbitrary Code Execution | Critical |
| May 14, 2013 | TRA-2013-04 | Adobe ColdFusion Unspecified Remote Code Execution | Critical |
| April 19, 2013 | TRA-2013-09 | [R1] IBM InfoSphere Products /rdweb/getUsers.do Remote Account Information Remote Disclosure | Medium |
| March 27, 2013 | TRA-2013-03 | Cisco IOS Smart Install Client Feature Malformed Config / Boot Image File Upload Remote Code Execution | Critical |
| January 23, 2013 | TRA-2013-02 | [R1] WebYaST /host Configuration Path Handling Unauthenticated Host List Manipulation | Medium |
| January 9, 2013 | TRA-2013-01 | Dell OpenManage Server Administrator /help/sm/en/Output/wwhelp/wwhimpl/js/html/index_main.htm topic Parameter DOM-based XSS | Medium |
| August 29, 2012 | TRA-2012-18 | Novell File Reporter NFRAgent.exe VOL Element Tag Parsing Remote Overflow | High |
| August 22, 2012 | TRA-2012-17 | [R1] McAfee Email and Web Security / Email Gateway Multiple Vulnerabilities | Critical |
| July 20, 2012 | TRA-2012-16 | [R1] Symantec Web Gateway (SWG) Multiple Vulnerabilities #2 | Critical |
| June 10, 2012 | TRA-2012-05 | Rocket U2 UniData unidata72 RPC Interface Call Parsing Arbitrary Command Execution | Critical |
| May 19, 2012 | TRA-2012-04 | [R1] Symantec LiveUpdate Administrator Installation Directory Permission Weakness Local Privilege Escalation | High |
| May 17, 2012 | TRA-2012-03 | [R1] Symantec Web Gateway (SWG) Multiple Vulnerabilities #1 | Critical |
| May 9, 2012 | TRA-2012-02 | Apple Mac OS X SRP-Based Authentication Credential Verification Time Capsule Credential Information Disclosure | Medium |
| May 3, 2012 | TRA-2012-19 | [R1] CiscoWorks Prime LAN Management Solution (LMS) Autologin.jsp URL Parameter HTTP Header Response Splitting | Medium |
| January 10, 2012 | TRA-2012-01 | PHP Timezone Functionality php_date_parse_tzfile Cache strtotime Function Call Saturation Remote DoS | Medium |
| November 11, 2011 | TRA-2011-12 | HP StorageWorks P4000 Virtual SAN Appliance Software Management Service Authentication Bypass Remote Command Execution | High |
| November 3, 2011 | TRA-2011-10 | [R1] Dell KACE K2000 System Deployment Appliance Multiple Reflected XSS | Medium |
| November 3, 2011 | TRA-2011-08 | [R1] Dell KACE K2000 System Deployment Appliance Read-Only Account Default Credentials Remote Information Disclosure | Medium |
| November 3, 2011 | TRA-2011-09 | [R1] Dell KACE K2000 System Deployment Appliance Task Processor Database Write Access Remote Privilege Escalation | High |
| November 3, 2011 | TRA-2011-11 | [R2] Dell KACE K2000 System Deployment Appliance Backdoor Admin Account | Critical |
| October 11, 2011 | TRA-2011-07 | [R1] Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities | Medium |
| August 8, 2011 | TRA-2011-06 | [R2] HP OpenView Performance Insight sendEmail.jsp bgcolor Parameter Reflected XSS | Medium |
| July 19, 2011 | TRA-2011-05 | [R1] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution | Critical |
| May 31, 2011 | TRA-2011-04 | [R1] IBM Tivoli Management Framework Endpoint lcfd.exe opts Field Handling Remote Buffer Overflow | High |
| April 26, 2011 | TRA-2011-03 | IBM solidDB rpc_test_svc Commands Handling NULL Dereference Remote DoS | High |
| April 1, 2011 | TRA-2011-02 | IBM solidDB Password Hash Verification Bypass Remote Code Execution | High |
| February 8, 2011 | TRA-2011-01 | [R1] Adobe ColdFusion Administrator Console login.cfm URI Handling Reflected XSS | Medium |
| December 15, 2010 | TRA-2010-05 | HP Power Manager Management Server Login Form URL Parameter Buffer Overflow | High |
| November 6, 2010 | TRA-2010-04 | [R1] FreeNAS exec_raw.php cmd Parameter Remote Command Execution | Critical |
| October 13, 2010 | TRA-2010-03 | [R1] HP Multiple Products switchFWInstallStatus.jsp logfile Parameter Arbitrary File Access | High |
| September 8, 2010 | TRA-2010-02 | [R1] phpMyAdmin Setup Script setup/frames/index.inc.php Verbose Server Name Stored XSS | Medium |
| May 5, 2010 | TRA-2010-01 | HP Mercury LoadRunner Agent magentproc.exe Remote Arbitrary Code Execution | Critical |
| December 16, 2009 | TRA-2009-04 | HP Storage OpenView Data Protector Backup Client Service MSG_PROTOCOL Command Remote Overflow | Critical |
| November 10, 2009 | TRA-2009-03 | Movable Type /mt/mt-check.cgi System Information Disclosure | Medium |
| April 14, 2009 | TRA-2009-02 | [R1] phpMyAdmin < 3.1.3.2 Multiple Vulnerabilities | Critical |
| March 19, 2009 | TRA-2009-01 | Adobe Acrobat getIcon() Function PDF Handling Overflow | High |
| August 14, 2008 | TRA-2008-01 | Symantec Veritas Storage Foundation Scheduler Service (VxSchedService.exe) NULL NTLMSSP Authentication Bypass | Critical |
| December 14, 2007 | TRA-2007-12 | HP-UX Software Distributor (SD) swagentd sw_rpc_agent_init Function Crafted DCE RPC Request Remote Overflow | Critical |
| December 11, 2007 | TRA-2007-11 | Microsoft Windows Message Queuing MSMQ Message Handling Arbitrary Code Execution | High |
| December 7, 2007 | TRA-2007-10 | Novell NetMail AntiVirus Agent (avirus.exe) Unspecified ASCII Integer Handling Remote Overflow | Medium |
| December 6, 2007 | TRA-2007-09 | HP OpenView Network Node Manager (OV NNM) Multiple Remote Overflow | Critical |
| October 10, 2007 | TRA-2007-08 | CA BrightStor ARCServe Backup Message Engine RPC Service Arbitrary Code Execution | Critical |
| September 4, 2007 | TRA-2007-07 | MIT Kerberos 5 RPCSEC_GSS RPC Library (librpcsecgss) lib/rpc/svc_auth_gss.c svcauth_gss_validate Function Remote Overflow | Critical |
| August 20, 2007 | TRA-2007-06 | EMC NetWorker Remote Exec Service (nsrexecd.exe) Remote Overflow | High |
| July 25, 2007 | TRA-2007-05 | BakBone NetVault Reporter Manager Scheduler Client Multiple Remote Overflow | Critical |
| July 20, 2007 | TRA-2007-04 | Panda AdminSecure Agent Crafted Packet Remote Overflow | High |
| May 9, 2007 | TRA-2007-03 | CA Multiple Products inoweb Console Server Authentication Remote Overflow | Critical |
| April 24, 2007 | TRA-2007-02 | CA BrightStor ARCserve Backup Media Server SUN RPC Service Remote Overflows | Critical |
| April 18, 2007 | TRA-2007-01 | Novell GroupWise WebAccess GWINTER.exe Basic Authentication Base64 Decoding Overflow | Critical |
| July 11, 2006 | TRA-2006-01 | Microsoft Windows Server Service SRV.SYS Crafted Request SMB Information Disclosure | Medium |