Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-20
Total 10626 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-10842 1 Cpanel 1 Cpanel 2019-08-12 4.0 MEDIUM 6.5 MEDIUM
cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).
CVE-2017-18409 1 Cpanel 1 Cpanel 2019-08-12 4.0 MEDIUM 6.5 MEDIUM
In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283).
CVE-2017-18410 1 Cpanel 1 Cpanel 2019-08-12 4.0 MEDIUM 6.5 MEDIUM
In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284).
CVE-2017-18464 1 Cpanel 1 Cpanel 2019-08-12 5.5 MEDIUM 4.9 MEDIUM
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226).
CVE-2017-18465 1 Cpanel 1 Cpanel 2019-08-12 2.1 LOW 4.4 MEDIUM
cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227).
CVE-2017-18475 1 Cpanel 1 Cpanel 2019-08-12 6.5 MEDIUM 8.8 HIGH
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
CVE-2016-10775 1 Cpanel 1 Cpanel 2019-08-12 6.8 MEDIUM 6.5 MEDIUM
cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173).
CVE-2017-18466 1 Cpanel 1 Cpanel 2019-08-12 4.0 MEDIUM 2.7 LOW
cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).
CVE-2017-18482 1 Cpanel 1 Cpanel 2019-08-12 4.0 MEDIUM 6.5 MEDIUM
cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).
CVE-2017-18415 1 Cpanel 1 Cpanel 2019-08-12 4.6 MEDIUM 7.8 HIGH
cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302).
CVE-2017-18411 1 Cpanel 1 Cpanel 2019-08-12 4.0 MEDIUM 6.8 MEDIUM
The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285).
CVE-2007-6763 1 Sas 1 Sas Drug Development 2019-08-12 6.5 MEDIUM 8.8 HIGH
SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.
CVE-2018-9154 1 Jasper Project 1 Jasper 2019-08-09 5.0 MEDIUM 7.5 HIGH
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.
CVE-2016-10858 1 Cpanel 1 Cpanel 2019-08-09 9.3 HIGH 9.8 CRITICAL
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
CVE-2017-18388 1 Cpanel 1 Cpanel 2019-08-09 7.2 HIGH 7.8 HIGH
cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).
CVE-2016-10771 1 Cpanel 1 Cpanel 2019-08-09 5.5 MEDIUM 8.1 HIGH
cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165).
CVE-2016-10787 1 Cpanel 1 Cpanel 2019-08-09 5.5 MEDIUM 8.1 HIGH
The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187).
CVE-2016-10788 1 Cpanel 1 Cpanel 2019-08-09 9.0 HIGH 8.8 HIGH
cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188).
CVE-2016-10789 1 Cpanel 1 Cpanel 2019-08-09 6.5 MEDIUM 8.8 HIGH
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191).
CVE-2016-10770 1 Cpanel 1 Cpanel 2019-08-09 5.5 MEDIUM 6.5 MEDIUM
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).