U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:tenable:tenable.sc:5.13.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 31 matching records.
Displaying matches 21 through 31.
Vuln ID Summary CVSS Severity
CVE-2020-7066

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.

Published: April 01, 2020; 12:15:14 AM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-7065

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.

Published: April 01, 2020; 12:15:13 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-7064

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

Published: April 01, 2020; 12:15:13 AM -0400
V3.1: 5.4 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2020-7063

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.

Published: February 27, 2020; 4:15:19 PM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-7061

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.

Published: February 27, 2020; 4:15:18 PM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2020-7060

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.

Published: February 10, 2020; 3:15:12 AM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2020-7059

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.

Published: February 10, 2020; 3:15:12 AM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2019-19919

Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.

Published: December 20, 2019; 6:15:11 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-19646

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

Published: December 09, 2019; 2:15:14 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-19645

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

Published: December 09, 2019; 11:15:10 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2019-8331

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Published: February 20, 2019; 11:29:00 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM