| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10899 | Hig | 0.53 | 8.1 | 0.03 | Aug 1, 2019 | A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack. | ||
| CVE-2014-8183 | Hig | 0.48 | 7.4 | 0.01 | Aug 1, 2019 | It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. | ||
| CVE-2019-14468 | Hig | 0.51 | 7.8 | 0.01 | Aug 1, 2019 | GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code. | ||
| CVE-2019-14332 | Hig | 0.51 | 7.8 | 0.01 | Aug 1, 2019 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1. | ||
| CVE-2019-14465 | Hig | 0.51 | 7.8 | 0.01 | Jul 31, 2019 | fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow. | ||
| CVE-2019-10185 | Hig | 0.00 | 8.6 | 0.04 | Jul 31, 2019 | It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and,… | ||
| CVE-2019-10181 | Hig | 0.00 | 8.1 | 0.01 | Jul 31, 2019 | It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox. | ||
| CVE-2019-10186 | Hig | 0.50 | 8.8 | 0.01 | Jul 31, 2019 | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. | ||
| CVE-2019-10182 | Hig | 0.00 | 8.2 | 0.03 | Jul 31, 2019 | It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the… | ||
| CVE-2019-14459 | Hig | 0.00 | 7.5 | 0.03 | Jul 31, 2019 | nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). | ||
| CVE-2019-3960 | Hig | 0.47 | 7.2 | 0.03 | Jul 31, 2019 | Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file. | ||
| CVE-2019-3959 | Hig | 0.57 | 8.8 | 0.01 | Jul 31, 2019 | Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | ||
| CVE-2019-1901 | Hig | 0.57 | 8.8 | 0.01 | Jul 31, 2019 | A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code… | ||
| CVE-2019-12750 | Hig | 0.51 | 7.8 | 0.01 | Jul 31, 2019 | Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt… | ||
| CVE-2007-6763 | Hig | 0.57 | 8.8 | 0.01 | Jul 31, 2019 | SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser. | ||
| CVE-2019-5060 | Hig | 0.58 | 8.8 | 0.04 | Jul 31, 2019 | An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds,… | ||
| CVE-2019-5059 | Hig | 0.57 | 8.8 | 0.04 | Jul 31, 2019 | An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap… | ||
| CVE-2019-5058 | Hig | 0.57 | 8.8 | 0.04 | Jul 31, 2019 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | ||
| CVE-2019-5057 | Hig | 0.57 | 8.8 | 0.04 | Jul 31, 2019 | An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | ||
| CVE-2019-4165 | Hig | 0.49 | 7.5 | 0.02 | Jul 31, 2019 | IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to cause a denial of service attack using repeated requests to the server. IBM X-Force ID: 158698. | ||
| CVE-2019-13568 | Hig | 0.00 | 8.8 | 0.02 | Jul 31, 2019 | CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image. | ||
| CVE-2018-16860 | Hig | 0.49 | 7.5 | 0.02 | Jul 31, 2019 | A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and… | ||
| CVE-2019-10356 | Hig | 0.57 | 8.8 | 0.03 | Jul 31, 2019 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts. | ||
| CVE-2019-10355 | Hig | 0.50 | 8.8 | 0.03 | Jul 31, 2019 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. | ||
| CVE-2019-14452 | Hig | 0.00 | 7.5 | 0.04 | Jul 31, 2019 | Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. | ||
| CVE-2019-10162 | Hig | 0.49 | 7.5 | 0.02 | Jul 30, 2019 | A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative… | ||
| CVE-2019-10161 | Hig | 0.51 | 7.8 | 0.01 | Jul 30, 2019 | It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the… | ||
| CVE-2019-10152 | Hig | 0.00 | 7.2 | 0.00 | Jul 30, 2019 | A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator… | ||
| CVE-2019-7615 | Hig | 0.41 | 7.4 | 0.01 | Jul 30, 2019 | A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could… | ||
| CVE-2019-5459 | Hig | 0.46 | 7.1 | 0.03 | Jul 30, 2019 | An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. | ||
| CVE-2019-5456 | Hig | 0.53 | 8.1 | 0.01 | Jul 30, 2019 | SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later. | ||
| CVE-2019-5448 | — | Hig | 0.53 | 8.1 | 0.01 | Jul 30, 2019 | Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network. | |
| CVE-2017-18381 | Hig | 0.47 | 7.2 | 0.01 | Jul 30, 2019 | The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials. | ||
| CVE-2019-10142 | Hig | 0.46 | 7.1 | 0.00 | Jul 30, 2019 | A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw… | ||
| CVE-2019-10141 | — | Hig | 0.47 | 8.3 | 0.02 | Jul 30, 2019 | A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a… | |
| CVE-2019-10138 | Hig | 0.57 | 8.8 | 0.01 | Jul 30, 2019 | A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens. | ||
| CVE-2018-16871 | Hig | 0.49 | 7.5 | 0.03 | Jul 30, 2019 | A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine… | ||
| CVE-2019-14405 | Hig | 0.57 | 8.8 | 0.01 | Jul 30, 2019 | cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487). | ||
| CVE-2019-14401 | Hig | 0.57 | 8.8 | 0.01 | Jul 30, 2019 | cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). | ||
| CVE-2019-14400 | Hig | 0.51 | 7.8 | 0.00 | Jul 30, 2019 | cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). | ||
| CVE-2019-14399 | Hig | 0.46 | 7.1 | 0.00 | Jul 30, 2019 | The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). | ||
| CVE-2019-14398 | Hig | 0.57 | 8.8 | 0.01 | Jul 30, 2019 | cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). | ||
| CVE-2018-20869 | Hig | 0.51 | 7.8 | 0.01 | Jul 30, 2019 | cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). | ||
| CVE-2018-20862 | Hig | 0.51 | 7.8 | 0.00 | Jul 30, 2019 | cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). | ||
| CVE-2019-4456 | Hig | 0.46 | 7.1 | 0.02 | Jul 30, 2019 | IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force… | ||
| CVE-2019-4062 | Hig | 0.46 | 7.1 | 0.02 | Jul 30, 2019 | IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007. | ||
| CVE-2019-14392 | Hig | 0.57 | 8.8 | 0.02 | Jul 30, 2019 | cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). | ||
| CVE-2019-11775 | Hig | 0.48 | 7.4 | 0.01 | Jul 30, 2019 | All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of… | ||
| CVE-2019-14389 | Hig | 0.51 | 7.8 | 0.00 | Jul 30, 2019 | cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). | ||
| CVE-2019-14388 | Hig | 0.49 | 7.5 | 0.01 | Jul 30, 2019 | cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). |
- risk 0.53cvss 8.1epss 0.03
A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.
- risk 0.48cvss 7.4epss 0.01
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
- risk 0.51cvss 7.8epss 0.01
GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1.
- risk 0.51cvss 7.8epss 0.01
fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow.
- risk 0.00cvss 8.6epss 0.04
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and,…
- risk 0.00cvss 8.1epss 0.01
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
- risk 0.50cvss 8.8epss 0.01
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
- risk 0.00cvss 8.2epss 0.03
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the…
- risk 0.00cvss 7.5epss 0.03
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).
- risk 0.47cvss 7.2epss 0.03
Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file.
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code…
- risk 0.51cvss 7.8epss 0.01
Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt…
- risk 0.57cvss 8.8epss 0.01
SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.
- risk 0.58cvss 8.8epss 0.04
An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds,…
- risk 0.57cvss 8.8epss 0.04
An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap…
- risk 0.57cvss 8.8epss 0.04
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
- risk 0.57cvss 8.8epss 0.04
An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
- risk 0.49cvss 7.5epss 0.02
IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to cause a denial of service attack using repeated requests to the server. IBM X-Force ID: 158698.
- risk 0.00cvss 8.8epss 0.02
CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.
- risk 0.49cvss 7.5epss 0.02
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and…
- risk 0.57cvss 8.8epss 0.03
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts.
- risk 0.50cvss 8.8epss 0.03
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.
- risk 0.00cvss 7.5epss 0.04
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
- risk 0.49cvss 7.5epss 0.02
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative…
- risk 0.51cvss 7.8epss 0.01
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the…
- risk 0.00cvss 7.2epss 0.00
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator…
- risk 0.41cvss 7.4epss 0.01
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could…
- risk 0.46cvss 7.1epss 0.03
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
- risk 0.53cvss 8.1epss 0.01
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.
- risk 0.53cvss 8.1epss 0.01
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.
- risk 0.47cvss 7.2epss 0.01
The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
- risk 0.46cvss 7.1epss 0.00
A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw…
- risk 0.47cvss 8.3epss 0.02
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a…
- risk 0.57cvss 8.8epss 0.01
A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.
- risk 0.49cvss 7.5epss 0.03
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine…
- risk 0.57cvss 8.8epss 0.01
cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487).
- risk 0.57cvss 8.8epss 0.01
cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480).
- risk 0.51cvss 7.8epss 0.00
cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479).
- risk 0.46cvss 7.1epss 0.00
The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477).
- risk 0.57cvss 8.8epss 0.01
cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498).
- risk 0.51cvss 7.8epss 0.01
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465).
- risk 0.51cvss 7.8epss 0.00
cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366).
- risk 0.46cvss 7.1epss 0.02
IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force…
- risk 0.46cvss 7.1epss 0.02
IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007.
- risk 0.57cvss 8.8epss 0.02
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501).
- risk 0.48cvss 7.4epss 0.01
All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of…
- risk 0.51cvss 7.8epss 0.00
cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510).
- risk 0.49cvss 7.5epss 0.01
cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507).