Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18452 | 1 Cpanel | 1 Cpanel | 2019-08-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). | |||||
| CVE-2008-1331 | 1 Alcatel-lucent | 1 Omnipcx Office | 2019-08-14 | 10.0 HIGH | N/A |
| cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter. | |||||
| CVE-2007-2764 | 2 Brocade, Linux | 9 Silkworm 12000 Director, Silkworm 200e Switch, Silkworm 24000 Director and 6 more | 2019-08-14 | 7.8 HIGH | N/A |
| The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors. | |||||
| CVE-2017-18398 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 5.5 MEDIUM | 3.8 LOW |
| DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331). | |||||
| CVE-2016-10814 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). | |||||
| CVE-2017-18401 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334). | |||||
| CVE-2017-18431 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). | |||||
| CVE-2017-18395 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not block a username of ssl (SEC-328). | |||||
| CVE-2017-18394 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). | |||||
| CVE-2017-18393 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). | |||||
| CVE-2017-18392 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 2.0 LOW |
| cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). | |||||
| CVE-2017-9793 | 1 Apache | 1 Struts | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload. | |||||
| CVE-2017-12611 | 1 Apache | 1 Struts | 2019-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. | |||||
| CVE-2016-4438 | 1 Apache | 1 Struts | 2019-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. | |||||
| CVE-2016-3087 | 1 Apache | 1 Struts | 2019-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin. | |||||
| CVE-2017-18405 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345). | |||||
| CVE-2016-10793 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152). | |||||
| CVE-2016-10800 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.8 MEDIUM | 7.8 HIGH |
| cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138). | |||||
| CVE-2016-10808 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 9.0 HIGH | 8.8 HIGH |
| In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113). | |||||
| CVE-2016-10812 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 9.0 HIGH | 8.8 HIGH |
| In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117). | |||||