Total: 12630 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20897 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | 
| cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). | ||||
| CVE-2018-20895 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | 
| In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). | ||||
| CVE-2018-20893 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | 
| cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442). | ||||
| CVE-2018-20891 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | 
| cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436). | ||||
| CVE-2018-20883 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | 
| cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). | ||||
| CVE-2018-20882 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | 
| cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). | ||||
| CVE-2018-20879 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | 
| cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444). | ||||
| CVE-2018-20873 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | 
| cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). | ||||
| CVE-2018-20869 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | 
| cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). | ||||
| CVE-2018-20864 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | 
| cPanel before 76.0.8 allows a Virtual FTP account to persist after removal of its associated domain (SEC-454). | ||||
| CVE-2018-20863 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A | 
| cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). | ||||
| CVE-2018-20861 | 1 Openmpt | 1 Libopenmpt | 2024-11-21 | N/A | 
| libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. | ||||
| CVE-2018-20860 | 2 Openmpt, Opensuse | 2 Libopenmpt, Leap | 2024-11-21 | 6.5 Medium | 
| libopenmpt before 0.3.13 allows a crash with malformed MED files. | ||||
| CVE-2018-20857 | 1 Zendesk | 1 Samlr | 2024-11-21 | N/A | 
| Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with [email protected] followed by <!---->. and then the attacker's domain name. | ||||
| CVE-2018-20852 | 2 Python, Redhat | 4 Python, Ansible Tower, Enterprise Linux and 1 more | 2024-11-21 | N/A | 
| http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. | ||||
| CVE-2018-20846 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | 6.5 Medium | 
| Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | ||||
| CVE-2018-20835 | 1 Tar-fs Project | 1 Tar-fs | 2024-11-21 | N/A | 
| A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. | ||||
| CVE-2018-20823 | 1 Mi | 2 Mi 5s, Mi 5s Firmware | 2024-11-21 | N/A | 
| The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a denial of service (resonance and false data) via a 20.4 kHz audio signal, aka a MEMS ultrasound attack. | ||||
| CVE-2018-20813 | 1 Ivanti | 1 Connect Secure | 2024-11-21 | N/A | 
| An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2. | ||||
| CVE-2018-20809 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Policy Secure | 2024-11-21 | N/A | 
| A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX. | ||||