Vulnerabilities > Tenable > Tenable SC > 5.16.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-16 | CVE-2021-23841 | NULL Pointer Dereference vulnerability in multiple products The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. | 5.9 |
| 2020-10-02 | CVE-2020-7070 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. | 5.3 |
| 2020-10-02 | CVE-2020-7069 | Inadequate Encryption Strength vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. | 6.5 |
| 2020-09-09 | CVE-2020-7068 | Use After Free vulnerability in multiple products In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. | 3.3 |
| 2020-04-27 | CVE-2020-7067 | Out-of-bounds Read vulnerability in multiple products In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes. | 5.0 |
| 2020-04-09 | CVE-2020-11656 | Use After Free vulnerability in multiple products In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | 7.5 |
| 2020-04-09 | CVE-2020-11655 | Improper Initialization vulnerability in multiple products SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | 5.0 |
| 2020-04-01 | CVE-2020-7066 | In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. | 4.3 |
| 2020-04-01 | CVE-2020-7064 | Out-of-bounds Read vulnerability in multiple products In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. | 5.8 |
| 2020-02-27 | CVE-2020-7063 | Improper Preservation of Permissions vulnerability in multiple products In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. | 5.0 |