Filtered by CWE-20
Total 12469 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-20917 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 70.0.23 allows any user to disable Solr (SEC-371).
CVE-2018-20912 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362).
CVE-2018-20897 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395).
CVE-2018-20895 1 Cpanel 1 Cpanel 2024-11-21 N/A
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393).
CVE-2018-20893 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).
CVE-2018-20891 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).
CVE-2018-20883 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449).
CVE-2018-20882 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447).
CVE-2018-20879 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444).
CVE-2018-20873 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409).
CVE-2018-20869 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465).
CVE-2018-20864 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454).
CVE-2018-20863 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452).
CVE-2018-20861 1 Openmpt 1 Libopenmpt 2024-11-21 N/A
libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files.
CVE-2018-20860 2 Openmpt, Opensuse 2 Libopenmpt, Leap 2024-11-21 6.5 Medium
libopenmpt before 0.3.13 allows a crash with malformed MED files.
CVE-2018-20857 1 Zendesk 1 Samlr 2024-11-21 N/A
Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name.
CVE-2018-20852 2 Python, Redhat 4 Python, Ansible Tower, Enterprise Linux and 1 more 2024-11-21 N/A
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.
CVE-2018-20846 1 Uclouvain 1 Openjpeg 2024-11-21 6.5 Medium
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2018-20835 1 Tar-fs Project 1 Tar-fs 2024-11-21 N/A
A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.
CVE-2018-20823 1 Mi 2 Mi 5s, Mi 5s Firmware 2024-11-21 N/A
The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a denial of service (resonance and false data) via a 20.4 kHz audio signal, aka a MEMS ultrasound attack.