Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10804 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 8.7 HIGH | 8.1 HIGH |
| The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58). | |||||
| CVE-2016-10807 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112). | |||||
| CVE-2016-10805 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109). | |||||
| CVE-2017-18433 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). | |||||
| CVE-2017-18439 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243). | |||||
| CVE-2017-18434 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237). | |||||
| CVE-2019-7898 | 1 Magento | 1 Magento | 2019-08-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input. | |||||
| CVE-2019-7899 | 1 Magento | 1 Magento | 2019-08-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | |||||
| CVE-2017-18469 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). | |||||
| CVE-2016-10768 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.5 MEDIUM | 6.5 MEDIUM |
| cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161). | |||||
| CVE-2018-20882 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 6.6 MEDIUM | 6.8 MEDIUM |
| cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). | |||||
| CVE-2018-20897 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.3 LOW | 2.8 LOW |
| cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). | |||||
| CVE-2016-2098 | 2 Debian, Rubyonrails | 3 Debian Linux, Rails, Ruby On Rails | 2019-08-08 | 7.5 HIGH | 7.3 HIGH |
| Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. | |||||
| CVE-2014-0082 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | N/A |
| actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers. | |||||
| CVE-2013-1856 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.8 MEDIUM | N/A |
| The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference. | |||||
| CVE-2013-6414 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | N/A |
| actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching. | |||||
| CVE-2013-3221 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 6.4 MEDIUM | N/A |
| The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database. | |||||
| CVE-2011-2929 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | N/A |
| The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability." | |||||
| CVE-2011-3187 | 1 Rubyonrails | 1 Rails | 2019-08-08 | 4.3 MEDIUM | N/A |
| The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. | |||||
| CVE-2018-20873 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 2.1 LOW | 3.3 LOW |
| cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). | |||||