Total
12469 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-20917 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 70.0.23 allows any user to disable Solr (SEC-371). | ||||
CVE-2018-20912 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). | ||||
CVE-2018-20897 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). | ||||
CVE-2018-20895 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). | ||||
CVE-2018-20893 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442). | ||||
CVE-2018-20891 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436). | ||||
CVE-2018-20883 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). | ||||
CVE-2018-20882 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). | ||||
CVE-2018-20879 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444). | ||||
CVE-2018-20873 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). | ||||
CVE-2018-20869 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). | ||||
CVE-2018-20864 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454). | ||||
CVE-2018-20863 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). | ||||
CVE-2018-20861 | 1 Openmpt | 1 Libopenmpt | 2024-11-21 | N/A |
libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. | ||||
CVE-2018-20860 | 2 Openmpt, Opensuse | 2 Libopenmpt, Leap | 2024-11-21 | 6.5 Medium |
libopenmpt before 0.3.13 allows a crash with malformed MED files. | ||||
CVE-2018-20857 | 1 Zendesk | 1 Samlr | 2024-11-21 | N/A |
Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name. | ||||
CVE-2018-20852 | 2 Python, Redhat | 4 Python, Ansible Tower, Enterprise Linux and 1 more | 2024-11-21 | N/A |
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. | ||||
CVE-2018-20846 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | 6.5 Medium |
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | ||||
CVE-2018-20835 | 1 Tar-fs Project | 1 Tar-fs | 2024-11-21 | N/A |
A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. | ||||
CVE-2018-20823 | 1 Mi | 2 Mi 5s, Mi 5s Firmware | 2024-11-21 | N/A |
The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a denial of service (resonance and false data) via a 20.4 kHz audio signal, aka a MEMS ultrasound attack. |