Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-10-02	CVE-2020-7070	Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. network low complexity php fedoraproject debian opensuse canonical netapp tenable CWE-565	5.3
2020-10-02	CVE-2020-7069	Inadequate Encryption Strength vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. network low complexity php fedoraproject debian opensuse canonical netapp oracle tenable CWE-326	6.5
2020-04-17	CVE-2020-5737	Cross-site Scripting vulnerability in Tenable Tenable.Sc 5.14.0/5.14.1 Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. network low complexity tenable CWE-79	5.4
2020-04-01	CVE-2020-7066	In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. network low complexity php tenable opensuse debian	4.3
2020-04-01	CVE-2020-7064	Out-of-bounds Read vulnerability in multiple products In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. network low complexity php debian canonical opensuse tenable CWE-125	5.4
2020-02-27	CVE-2020-7063	Improper Preservation of Permissions vulnerability in multiple products In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. network low complexity php tenable debian opensuse CWE-281	5.3
2019-12-09	CVE-2019-19645	Uncontrolled Recursion vulnerability in multiple products alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. local low complexity sqlite netapp oracle tenable siemens CWE-674	5.5
2019-02-20	CVE-2019-8331	Cross-site Scripting vulnerability in multiple products In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. network low complexity getbootstrap f5 redhat tenable CWE-79	6.1