CyberSecurityBoard
Sponsor Register Login

CVE-2025-0760

Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components (node.js, Envoy, libcurl) were found to contain vulnerabilities, and updated versions have been made available by the providers.Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Tenable Identity Exposure 3.77.8 updates the following:node.js to version 20.18.2.0Envoy to version 1.29.12libcurl to version 8.11.1 Additionally, two separate vulnerabilities were discovered, reported and fixed:A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption. - CVE-2025-0760    A Broken Authorization schema exists where any authenticated user could download IOA script and configuration files if the URL is known. - CVE-2025-1091 Tenable has released Tenable Identity Exposure Version 3.77.8, which includes fixes to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/identity-exposure

This Cyber News was published on www.tenable.com. Publication date: Fri, 07 Feb 2025 08:52:02 +0000


Cyber News related to CVE-2025-0760

CVE-2025-0760 - Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components (node.js, Envoy, libcurl) were found to contain vulnerabilities, and updated versions have been made available by ...
4 days ago Tenable.com
CVE-2025-1091 - Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components (node.js, Envoy, libcurl) were found to contain vulnerabilities, and updated versions have been made available by ...
4 days ago Tenable.com
CVE-2025-0977 - Update the openssl crate to version 0.10.70 and the openssl-sys crate to version 0.9.105. ...
4 days ago Tenable.com
Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
1 year ago Bleepingcomputer.com
CVE-2012-0764 - The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, ...
12 years ago
CVE-2012-0762 - The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, ...
7 years ago
CVE-2012-0761 - The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, ...
7 years ago
CVE-2012-0763 - The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, ...
12 years ago
CVE-2012-0760 - The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, ...
12 years ago
CVE-2012-0757 - The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, ...
12 years ago
CVE-2012-0766 - The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, ...
12 years ago
CVE-2018-0761 - The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information ...
6 years ago
CVE-2018-0755 - The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information ...
6 years ago
CVE-2018-0760 - The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2012 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT ...
6 years ago
CVE-2018-0855 - The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information ...
4 years ago
CVE-2020-0760 - A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991. ...
3 years ago
CVE-2020-0991 - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0760. ...
3 years ago
CVE-2010-0760 - Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to ...
14 years ago
CVE-2010-0759 - Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via ...
7 years ago
CVE-2008-0760 - Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue ...
6 years ago
CVE-2000-0760 - The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. ...
16 years ago
CVE-2002-0760 - Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 ...
16 years ago
CVE-2014-0760 - The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause ...
10 years ago
CVE-2016-0760 - Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions. ...
8 years ago
CVE-2003-0760 - Blubster 2.5 allows remote attackers to cause a denial of service (crash) via a flood of connections to UDP port 701. ...
7 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)