Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18448 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). | |||||
| CVE-2017-18449 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). | |||||
| CVE-2019-5401 | 1 Hp | 2 Hp2910al-48g, Hp2910al-48g Firmware | 2019-08-08 | 3.5 LOW | 4.8 MEDIUM |
| A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an XSS injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). However, admin privileges are required to configure these fields, thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017. | |||||
| CVE-2017-18450 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.4 MEDIUM | 4.5 MEDIUM |
| cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). | |||||
| CVE-2017-18461 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 62.0.17 does not preserve security policy questions across an account rename (SEC-223). | |||||
| CVE-2017-18430 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.6 MEDIUM | 4.7 MEDIUM |
| In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). | |||||
| CVE-2017-18445 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). | |||||
| CVE-2017-18444 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). | |||||
| CVE-2017-18442 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). | |||||
| CVE-2017-18441 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.0 MEDIUM | 5.0 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245). | |||||
| CVE-2019-14456 | 1 Opengear | 1 Opengear | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system (connected to a serial port on an Opengear console server) sends crafted text to a serial port (that has logging enabled), the text will be replayed when the logs are viewed. Exploiting this vulnerability requires access to the serial port and/or console server. | |||||
| CVE-2019-7882 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can inject malicious SWF files. | |||||
| CVE-2019-7874 | 1 Magento | 1 Magento | 2019-08-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles. | |||||
| CVE-2019-7934 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit newsletter templates to inject malicious javascript. | |||||
| CVE-2019-7875 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to newsletter templates. | |||||
| CVE-2019-7881 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack). | |||||
| CVE-2018-20951 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). | |||||
| CVE-2019-7935 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content page titles to inject malicious javascript. | |||||
| CVE-2018-20950 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). | |||||
| CVE-2018-20949 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). | |||||
| CVE-2019-7887 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 4.8 MEDIUM |
| A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is disabled. | |||||
| CVE-2019-7938 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify catalog price rules to inject malicious javascript. | |||||
| CVE-2019-7940 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify store currency options to inject malicious javascript. | |||||
| CVE-2019-7944 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Return Product comments field can inject malicious javascript. | |||||
| CVE-2019-7945 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious javascript. | |||||
| CVE-2018-20948 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). | |||||
| CVE-2019-7873 | 1 Magento | 1 Magento | 2019-08-07 | 5.8 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule. | |||||
| CVE-2018-20888 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). | |||||
| CVE-2018-20933 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 70.0.23 has Stored XSS via a WHM Edit DNS Zone action (SEC-410). | |||||
| CVE-2018-20889 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.6 LOW | 4.4 MEDIUM |
| cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). | |||||
| CVE-2016-10827 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96). | |||||
| CVE-2019-14248 | 1 Nasm | 1 Netwide Assembler | 2019-08-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled. | |||||
| CVE-2019-13655 | 1 Imgix | 1 Imgix | 2019-08-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Imgix through 2019-06-19 allows remote attackers to cause a denial of service (resource consumption) by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled during an attempt to load the 'whole image' into memory. | |||||
| CVE-2016-10822 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88). | |||||
| CVE-2018-20935 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM "Reset a DNS Zone" action (SEC-412). | |||||
| CVE-2017-18473 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). | |||||
| CVE-2017-18471 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). | |||||
| CVE-2017-18472 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198). | |||||
| CVE-2017-18481 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). | |||||
| CVE-2016-10856 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). | |||||
| CVE-2017-18454 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). | |||||
| CVE-2018-20874 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428). | |||||
| CVE-2018-20891 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.9 MEDIUM | 5.5 MEDIUM |
| cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436). | |||||
| CVE-2016-10813 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118). | |||||
| CVE-2019-7862 | 1 Magento | 1 Magento | 2019-08-06 | 3.5 LOW | 4.8 MEDIUM |
| A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | |||||
| CVE-2019-7853 | 1 Magento | 1 Magento | 2019-08-06 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the Magento admin panel. | |||||
| CVE-2017-18385 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). | |||||
| CVE-2019-7863 | 1 Magento | 1 Magento | 2019-08-06 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to products and categories. | |||||
| CVE-2019-7851 | 1 Magento | 1 Magento | 2019-08-06 | 5.8 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. | |||||
| CVE-2019-7852 | 1 Magento | 1 Magento | 2019-08-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties. | |||||
