5.14.0

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-27	CVE-2020-7063	Improper Preservation of Permissions vulnerability in multiple products In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. network low complexity php tenable debian opensuse CWE-281	5.0
2020-02-27	CVE-2020-7061	Out-of-bounds Read vulnerability in multiple products In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. network low complexity php tenable CWE-125	6.4
2020-02-10	CVE-2020-7060	Out-of-bounds Read vulnerability in multiple products When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. network low complexity php tenable oracle opensuse debian CWE-125	6.4
2020-02-10	CVE-2020-7059	Out-of-bounds Read vulnerability in multiple products When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. network low complexity php tenable oracle opensuse debian CWE-125	6.4
2019-12-20	CVE-2019-19919	Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. network low complexity handlebars-js-project tenable	7.5
2019-12-09	CVE-2019-19646	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. network low complexity sqlite siemens tenable oracle netapp CWE-754	7.5
2019-12-09	CVE-2019-19645	Uncontrolled Recursion vulnerability in multiple products alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. local low complexity sqlite netapp oracle tenable siemens CWE-674	2.1
2019-08-09	CVE-2019-11042	Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. network low complexity php debian canonical apple opensuse redhat tenable CWE-125	7.1
2019-08-09	CVE-2019-11041	Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. network low complexity php debian canonical apple opensuse redhat tenable CWE-125	7.1
2019-02-20	CVE-2019-8331	Cross-site Scripting vulnerability in multiple products In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. network low complexity getbootstrap f5 redhat tenable CWE-79	6.1