Search Results (24565 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20902 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408). | ||||
| CVE-2018-20897 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). | ||||
| CVE-2018-20895 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). | ||||
| CVE-2018-20894 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443). | ||||
| CVE-2018-20893 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442). | ||||
| CVE-2018-20891 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436). | ||||
| CVE-2018-20889 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). | ||||
| CVE-2018-20883 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). | ||||
| CVE-2018-20882 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). | ||||
| CVE-2018-20879 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444). | ||||
| CVE-2018-20873 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). | ||||
| CVE-2018-20870 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467). | ||||
| CVE-2018-20869 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). | ||||
| CVE-2018-20864 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 76.0.8 allows a persistent Virtual FTP account after removal of its associated domain (SEC-454). | ||||
| CVE-2018-20863 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). | ||||
| CVE-2018-20861 | 1 Openmpt | 1 Libopenmpt | 2024-11-21 | N/A |
| libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. | ||||
| CVE-2018-20860 | 2 Openmpt, Opensuse | 2 Libopenmpt, Leap | 2024-11-21 | 6.5 Medium |
| libopenmpt before 0.3.13 allows a crash with malformed MED files. | ||||
| CVE-2018-20857 | 1 Zendesk | 1 Samlr | 2024-11-21 | N/A |
| Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name. | ||||
| CVE-2018-20855 | 3 Linux, Netapp, Opensuse | 6 Linux Kernel, Active Iq Performance Analytics Services, Active Iq Unified Manager and 3 more | 2024-11-21 | 3.3 Low |
| An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. | ||||
| CVE-2018-20852 | 2 Python, Redhat | 4 Python, Ansible Tower, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. | ||||