CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-20937 cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | N/A | NONE | — | 0 |
| CVE-2018-20938 cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). | N/A | NONE | — | 0 |
| CVE-2019-9140 When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive inform... | 8.1 | HIGH | — | 0 |
| CVE-2018-20939 cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | N/A | NONE | — | 0 |
| CVE-2018-20940 cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). | N/A | NONE | — | 0 |
| CVE-2018-20941 cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). | N/A | NONE | — | 0 |
| CVE-2018-20942 cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). | N/A | NONE | — | 0 |
| CVE-2018-20943 cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | N/A | NONE | — | 0 |
| CVE-2018-20944 cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). | N/A | NONE | — | 0 |
| CVE-2018-20945 bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). | N/A | NONE | — | 0 |
| CVE-2018-20946 cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | N/A | NONE | — | 0 |
| CVE-2018-20947 cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). | N/A | NONE | — | 0 |
| CVE-2018-20948 cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). | N/A | NONE | — | 0 |
| CVE-2018-20949 cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). | N/A | NONE | — | 0 |
| CVE-2018-20950 cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). | N/A | NONE | — | 0 |
| CVE-2018-20951 cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). | N/A | NONE | — | 0 |
| CVE-2017-18419 cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266). | N/A | NONE | — | 0 |
| CVE-2019-14491 An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, wh... | N/A | NONE | — | 0 |
| CVE-2019-14492 An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, wh... | 7.5 | HIGH | — | 0 |
| CVE-2019-14493 An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. | 7.5 | HIGH | — | 0 |
| CVE-2019-14494 An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. | 7.5 | HIGH | — | 0 |
| CVE-2019-14495 webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-14496 LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow. | 7.8 | HIGH | — | 0 |
| CVE-2019-14497 ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow. | 7.8 | HIGH | — | 0 |
| CVE-2016-10813 cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118). | N/A | NONE | — | 0 |
| CVE-2016-10814 cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). | N/A | NONE | — | 0 |
| CVE-2016-10815 cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120). | N/A | NONE | — | 0 |
| CVE-2016-10816 cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121). | N/A | NONE | — | 0 |
| CVE-2016-10817 cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123). | N/A | NONE | — | 0 |
| CVE-2016-10818 cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). | N/A | NONE | — | 0 |
| CVE-2016-10819 In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). | N/A | NONE | — | 0 |
| CVE-2016-10820 cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). | N/A | NONE | — | 0 |
| CVE-2016-10821 In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). | N/A | NONE | — | 0 |
| CVE-2016-10826 cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). | N/A | NONE | — | 0 |
| CVE-2019-14260 On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change P... | N/A | NONE | — | 0 |
| CVE-2019-14513 Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a differe... | 7.5 | HIGH | — | 0 |
| CVE-2019-5401 A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configura... | N/A | NONE | — | 0 |
| CVE-2019-14517 pandao Editor.md 1.5.0 allows XSS via the Javascript: string. | N/A | NONE | — | 0 |
| CVE-2019-14523 An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c. | 7.8 | HIGH | — | 0 |
| CVE-2019-14524 An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than ... | 7.8 | HIGH | — | 0 |
| CVE-2014-8184 A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause appli... | 7.8 | HIGH | — | 0 |
| CVE-2017-18382 cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | N/A | NONE | — | 0 |
| CVE-2017-18383 cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). | N/A | NONE | — | 0 |
| CVE-2017-18384 cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). | N/A | NONE | — | 0 |
| CVE-2017-18420 cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). | N/A | NONE | — | 0 |
| CVE-2017-18385 cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). | N/A | NONE | — | 0 |
| CVE-2017-18386 cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). | N/A | NONE | — | 0 |
| CVE-2017-18387 cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314). | N/A | NONE | — | 0 |
| CVE-2017-18388 cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). | N/A | NONE | — | 0 |
| CVE-2017-18389 cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.