Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2018-20892 cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439). | N/A | NONE | β | 0 |
| CVE-2018-20893 cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442). | N/A | NONE | β | 0 |
| CVE-2018-20894 cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443). | N/A | NONE | β | 0 |
| CVE-2018-20895 In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). | N/A | NONE | β | 0 |
| CVE-2018-20896 cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). | N/A | NONE | β | 0 |
| CVE-2018-20897 cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). | N/A | NONE | β | 0 |
| CVE-2018-20898 cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). | N/A | NONE | β | 0 |
| CVE-2018-20899 cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398). | N/A | NONE | β | 0 |
| CVE-2018-20900 cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399). | N/A | NONE | β | 0 |
| CVE-2019-3884 A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Ve... | 5.4 | MEDIUM | β | 0 |
| CVE-2019-5407 A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | N/A | NONE | β | 0 |
| CVE-2019-3890 It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to... | N/A | NONE | β | 0 |
| CVE-2013-7473 Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. | N/A | NONE | β | 0 |
| CVE-2013-7474 Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users. | N/A | NONE | β | 0 |
| CVE-2015-9291 cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). | N/A | NONE | β | 0 |
| CVE-2016-10850 cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83). | N/A | NONE | β | 0 |
| CVE-2016-10851 cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). | N/A | NONE | β | 0 |
| CVE-2018-20904 cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427). | N/A | NONE | β | 0 |
| CVE-2016-10852 cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | N/A | NONE | β | 0 |
| CVE-2016-10853 cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86). | N/A | NONE | β | 0 |
| CVE-2016-10854 cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87). | N/A | NONE | β | 0 |
| CVE-2016-10855 cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). | N/A | NONE | β | 0 |
| CVE-2016-10856 cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). | N/A | NONE | β | 0 |
| CVE-2018-20912 cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). | N/A | NONE | β | 0 |
| CVE-2015-9301 The liveforms plugin before 3.2.0 for WordPress has SQL injection. | N/A | NONE | β | 0 |
| CVE-2016-10857 cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). | N/A | NONE | β | 0 |
| CVE-2016-10858 cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64). | N/A | NONE | β | 0 |
| CVE-2016-10859 cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). | N/A | NONE | β | 0 |
| CVE-2016-10860 cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66). | N/A | NONE | β | 0 |
| CVE-2018-20901 cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400). | N/A | NONE | β | 0 |
| CVE-2018-20902 cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408). | N/A | NONE | β | 0 |
| CVE-2018-20903 cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421). | N/A | NONE | β | 0 |
| CVE-2018-20905 cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429). | N/A | NONE | β | 0 |
| CVE-2018-20906 cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430). | N/A | NONE | β | 0 |
| CVE-2018-20907 cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432). | N/A | NONE | β | 0 |
| CVE-2018-20908 cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435). | N/A | NONE | β | 0 |
| CVE-2018-20909 cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338). | N/A | NONE | β | 0 |
| CVE-2018-20910 cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357). | N/A | NONE | β | 0 |
| CVE-2018-20911 cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359). | N/A | NONE | β | 0 |
| CVE-2019-13572 The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14259 On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface all... | N/A | NONE | β | 0 |
| CVE-2019-14471 TestLink 1.9.19 has XSS via the error.php message parameter. | N/A | NONE | β | 0 |
| CVE-2019-14472 Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. | N/A | NONE | β | 0 |
| CVE-2016-10836 cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). | N/A | NONE | β | 0 |
| CVE-2016-10837 cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46). | N/A | NONE | β | 0 |
| CVE-2016-10838 cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). | N/A | NONE | β | 0 |
| CVE-2016-10839 cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71). | N/A | NONE | β | 0 |
| CVE-2016-10840 cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). | N/A | NONE | β | 0 |
| CVE-2016-10841 The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73). | N/A | NONE | β | 0 |
| CVE-2016-10842 cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74). | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.