|
197081
|
4.3 |
MEDIUM
Network
|
php
tenable
opensuse
debian
|
php
tenable.sc
leap
debian_linux
|
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently trunc…
|
NVD-CWE-Other
|
CVE-2020-7066
|
2024-11-21 14:36 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197082
|
8.8 |
HIGH
Network
|
php
debian
canonical
tenable
|
php
debian_linux
ubuntu_linux
tenable.sc
|
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. Thi…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7065
|
2024-11-21 14:36 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197083
|
5.4 |
MEDIUM
Network
|
php
debian
canonical
opensuse
tenable
|
php
debian_linux
ubuntu_linux
leap
tenable.sc
|
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-7064
|
2024-11-21 14:36 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197084
|
8.8 |
HIGH
Network
|
elastic
|
elasticsearch
|
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can…
|
CWE-269
Improper Privilege Management
|
CVE-2020-7009
|
2024-11-21 14:36 |
2020-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197085
|
7.8 |
HIGH
Local
|
mcafee
|
application_and_change_control
|
DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder.
|
CWE-426
Untrusted Search Path
|
CVE-2020-7260
|
2024-11-21 14:36 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197086
|
6.5 |
MEDIUM
Network
|
moxa
|
mds-g516e_firmware
|
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-6999
|
2024-11-21 14:36 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197087
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with eno…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-6815
|
2024-11-21 14:36 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197088
|
9.8 |
CRITICAL
Network
|
mozilla
canonical
|
firefox_esr
thunderbird
firefox
ubuntu_linux
|
Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these co…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-6814
|
2024-11-21 14:36 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197089
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Co…
|
NVD-CWE-Other
|
CVE-2020-6813
|
2024-11-21 14:36 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197090
|
5.3 |
MEDIUM
Network
|
mozilla
canonical
|
firefox_esr
thunderbird
firefox
ubuntu_linux
|
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate de…
|
CWE-200
Information Exposure
|
CVE-2020-6812
|
2024-11-21 14:36 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
