Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10795 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156). | |||||
| CVE-2018-20931 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). | |||||
| CVE-2018-20930 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). | |||||
| CVE-2018-20898 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). | |||||
| CVE-2018-20925 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379). | |||||
| CVE-2016-10842 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74). | |||||
| CVE-2017-18407 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.8 MEDIUM | 4.8 MEDIUM |
| cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279). | |||||
| CVE-2017-18408 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282). | |||||
| CVE-2017-18409 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283). | |||||
| CVE-2017-18410 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284). | |||||
| CVE-2017-18464 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.5 MEDIUM | 4.9 MEDIUM |
| cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226). | |||||
| CVE-2017-18465 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 2.1 LOW | 4.4 MEDIUM |
| cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227). | |||||
| CVE-2017-18474 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201). | |||||
| CVE-2016-10775 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173). | |||||
| CVE-2017-18416 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 3.6 LOW | 5.5 MEDIUM |
| cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). | |||||
| CVE-2017-18467 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). | |||||
| CVE-2017-18482 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213). | |||||
| CVE-2017-18479 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209). | |||||
| CVE-2017-18480 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210). | |||||
| CVE-2017-18468 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). | |||||
| CVE-2017-18478 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). | |||||
| CVE-2017-18477 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). | |||||
| CVE-2017-18411 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.8 MEDIUM |
| The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285). | |||||
| CVE-2016-10832 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). | |||||
| CVE-2016-10835 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). | |||||
| CVE-2018-20937 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | |||||
| CVE-2016-10829 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). | |||||
| CVE-2018-20934 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). | |||||
| CVE-2019-14747 | 1 Diaowen | 1 Dwsurvey | 2019-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter. | |||||
| CVE-2019-14284 | 1 Linux | 1 Linux Kernel | 2019-08-11 | 2.1 LOW | 6.2 MEDIUM |
| In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default. | |||||
| CVE-2019-14283 | 1 Linux | 1 Linux Kernel | 2019-08-11 | 4.6 MEDIUM | 6.8 MEDIUM |
| In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. | |||||
| CVE-2019-14295 | 1 Upx Project | 1 Upx | 2019-08-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory. | |||||
| CVE-2019-13380 | 1 Keynto | 1 Team Password Manager | 2019-08-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault. | |||||
| CVE-2017-6851 | 1 Jasper Project | 1 Jasper | 2019-08-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image. | |||||
| CVE-2019-14548 | 1 Espocrm | 1 Espocrm | 2019-08-09 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScript inside the body of the article, thus helping him steal victims' cookies (hence compromising their accounts). | |||||
| CVE-2019-14549 | 1 Espocrm | 1 Espocrm | 2019-08-09 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly accessible link. | |||||
| CVE-2019-14547 | 1 Espocrm | 1 Espocrm | 2019-08-09 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attachments. The attacker could inject the JavaScript inside the filename and send it to users, thus helping him steal victims' cookies (hence compromising their accounts). | |||||
| CVE-2019-14550 | 1 Espocrm | 1 Espocrm | 2019-08-09 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard button, thus helping him steal victims' cookies (hence compromising their accounts). | |||||
| CVE-2016-10857 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). | |||||
| CVE-2016-10786 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186). | |||||
| CVE-2016-10767 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159). | |||||
| CVE-2016-10774 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172). | |||||
| CVE-2016-10779 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179). | |||||
| CVE-2016-10770 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 5.5 MEDIUM | 6.5 MEDIUM |
| cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). | |||||
| CVE-2017-18457 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 4.9 MEDIUM | 4.4 MEDIUM |
| cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). | |||||
| CVE-2019-1009 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-08-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050. | |||||
| CVE-2016-10807 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112). | |||||
| CVE-2017-18437 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 3.6 LOW | 4.4 MEDIUM |
| cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). | |||||
| CVE-2016-10849 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82). | |||||
| CVE-2017-18439 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243). | |||||