Vulnerabilities - Yack CVE

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-7081 1Autodesk 1Fbx Software Development Kit Jun 17, 2026 Apr 17, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it.
CVE-2020-7080 1Autodesk 1Fbx Software Development Kit Jun 17, 2026 Apr 17, 2020 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.
CVE-2020-7079 1Autodesk 1Dynamo Bim Jun 17, 2026 Apr 17, 2020 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files.
CVE-2020-7070 7Canonical DebianFedoraproject+4 more 7Clustered Data Ontap Debian LinuxFedora+4 more Jun 17, 2026 Oct 2, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host conf...Show more In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.Show less
CVE-2020-7069 8Canonical DebianFedoraproject+5 more 8Clustered Data Ontap Communications Diameter Signaling RouterDebian Linux+5 more Jun 17, 2026 Oct 2, 2020 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to b...Show more In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.Show less
CVE-2020-7068 3Debian PhpTenable 3Debian Linux PhpTenable.sc Jun 17, 2026 Sep 9, 2020 N/A· v4 3.6 LOW· v3 3.3 LOW· v2 In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash...Show more In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.Show less
CVE-2020-7067 4Debian OraclePhp+1 more 4Communications Diameter Signaling Router Debian LinuxPhp+1 more Jun 17, 2026 Apr 27, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erro...Show more In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.Show less
CVE-2020-7066 4Debian OpensusePhp+1 more 4Debian Linux LeapPhp+1 more Jun 17, 2026 Apr 1, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may...Show more In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.Show less
CVE-2020-7065 4Canonical DebianPhp+1 more 4Debian Linux PhpTenable.sc+1 more Jun 17, 2026 Apr 1, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memor...Show more In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.Show less
CVE-2020-7064 5Canonical DebianOpensuse+2 more 5Debian Linux LeapPhp+2 more Jun 17, 2026 Apr 1, 2020 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory...Show more In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.Show less
CVE-2020-7063 4Debian OpensusePhp+1 more 4Debian Linux LeapPhp+1 more Jun 17, 2026 Feb 27, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) ev...Show more In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.Show less
CVE-2020-7062 4Canonical DebianOpensuse+1 more 4Debian Linux LeapPhp+1 more Jun 17, 2026 Feb 27, 2020 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and...Show more In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.Show less
CVE-2020-7061 2Php Tenable 2Php Tenable.sc Jun 17, 2026 Feb 27, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could po...Show more In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.Show less
CVE-2020-7060 5Debian OpensuseOracle+2 more 5Communications Diameter Signaling Router Debian LinuxLeap+2 more Jun 17, 2026 Feb 10, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big...Show more When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.Show less
CVE-2020-7059 5Debian OpensuseOracle+2 more 5Communications Diameter Signaling Router Debian LinuxLeap+2 more Jun 17, 2026 Feb 10, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the all...Show more When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.Show less
CVE-2020-7058 1Cacti 1Cacti Jun 17, 2026 Jan 15, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm.
CVE-2020-7057 1Hikvision 1Ds 7204hghi F1 Firmware Jun 17, 2026 Jan 14, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it...Show more Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed.Show less
CVE-2020-7055 1Elementor 1Elementor Page Builder Jun 17, 2026 Apr 22, 2020 N/A· v4 9.9 CRITICAL· v3 9.0 HIGH· v2 An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive.
CVE-2020-7054 1Mz Automation 1Libiec61850 Jun 17, 2026 Jan 14, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type.
CVE-2020-7053 1Linux 1Linux Kernel Jun 17, 2026 Jan 14, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CI...Show more In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c.Show less
CVE-2020-7052 1Codesys 15Control For Beaglebone Control For Empc A/imx6Control For Iot2000+12 more Jun 17, 2026 Jan 24, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition.
CVE-2020-7051 1Codologic 1Codoforum Jun 17, 2026 Feb 13, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover.
CVE-2020-7050 1Codologic 1Codoforum Jun 17, 2026 Feb 15, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session...Show more Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts.Show less
CVE-2020-7049 1Nozominetworks 1Guardian Jun 17, 2026 Jun 30, 2020 N/A· v4 7.3 HIGH· v3 8.5 HIGH· v2 Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection.
CVE-2020-7048 1Webfactoryltd 1Wp Database Reset Jun 17, 2026 Jan 16, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in tha...Show more The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.Show less

Previous 1...868788...14337 Next

Vulnerabilities (CVE)