Search Results
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-18466 | cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). Published: August 05, 2019; 8:15:11 AM -0400 | V4.0:(not available) V3.0: 2.7 LOW V2.0: 4.0 MEDIUM |
CVE-2017-18465 | cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227). Published: August 05, 2019; 8:15:11 AM -0400 | V4.0:(not available) V3.0: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2017-18464 | cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226). Published: August 05, 2019; 8:15:11 AM -0400 | V4.0:(not available) V3.0: 4.9 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2019-7899 | Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Published: August 02, 2019; 6:15:17 PM -0400 | V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-7898 | Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input. Published: August 02, 2019; 6:15:17 PM -0400 | V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-7885 | Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search. Published: August 02, 2019; 6:15:16 PM -0400 | V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2017-18463 | cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). Published: August 02, 2019; 1:15:14 PM -0400 | V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-18461 | cPanel before 62.0.17 does not preserve security policy questions across an account rename (SEC-223). Published: August 02, 2019; 1:15:14 PM -0400 | V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2017-18460 | cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). Published: August 02, 2019; 1:15:14 PM -0400 | V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-18459 | cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). Published: August 02, 2019; 1:15:13 PM -0400 | V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-18458 | cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). Published: August 02, 2019; 1:15:13 PM -0400 | V4.0:(not available) V3.0: 3.3 LOW V2.0: 3.6 LOW |
CVE-2017-18453 | cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). Published: August 02, 2019; 1:15:13 PM -0400 | V4.0:(not available) V3.0: 4.9 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-18452 | cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). Published: August 02, 2019; 1:15:13 PM -0400 | V4.0:(not available) V3.0: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2017-18449 | cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). Published: August 02, 2019; 1:15:13 PM -0400 | V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-18447 | cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251). Published: August 02, 2019; 1:15:12 PM -0400 | V4.0:(not available) V3.0: 6.3 MEDIUM V2.0: 6.5 MEDIUM |
CVE-2017-18444 | cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). Published: August 02, 2019; 1:15:12 PM -0400 | V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2017-18443 | cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). Published: August 02, 2019; 1:15:12 PM -0400 | V4.0:(not available) V3.0: 5.8 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2017-18440 | cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). Published: August 02, 2019; 1:15:12 PM -0400 | V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-18439 | cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243). Published: August 02, 2019; 1:15:12 PM -0400 | V4.0:(not available) V3.0: 6.3 MEDIUM V2.0: 6.5 MEDIUM |
CVE-2017-18434 | cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237). Published: August 02, 2019; 12:15:12 PM -0400 | V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |