U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Category (CWE): CWE-20 Improper Input Validation
There are 9,282 matching records.
Displaying matches 2,681 through 2,700.
Vuln ID Summary CVSS Severity
CVE-2016-10842

cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).

Published: August 01, 2019; 12:15:12 PM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2018-20917

cPanel before 70.0.23 allows any user to disable Solr (SEC-371).

Published: August 01, 2019; 11:15:14 AM -0400 		V4.0:(not available)
 V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-20912

cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362).

Published: August 01, 2019; 11:15:13 AM -0400 		V4.0:(not available)
 V3.0: 6.3 MEDIUM
V2.0: 6.5 MEDIUM
CVE-2016-10858

cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).

Published: August 01, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 9.3 HIGH
CVE-2016-10855

cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).

Published: August 01, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2016-10850

cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).

Published: August 01, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2018-20897

cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395).

Published: August 01, 2019; 10:15:12 AM -0400 		V4.0:(not available)
 V3.0: 2.8 LOW
V2.0: 3.3 LOW
CVE-2018-20895

In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393).

Published: August 01, 2019; 10:15:12 AM -0400 		V4.0:(not available)
 V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2018-20893

cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).

Published: August 01, 2019; 10:15:12 AM -0400 		V4.0:(not available)
 V3.0: 2.3 LOW
V2.0: 2.1 LOW
CVE-2018-20891

cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).

Published: August 01, 2019; 10:15:12 AM -0400 		V4.0:(not available)
 V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2015-7559

It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.

Published: August 01, 2019; 10:15:10 AM -0400 		V4.0:(not available)
 V3.1: 2.7 LOW
V2.0: 4.0 MEDIUM
CVE-2018-20883

cPanel before 74.0.8 allows FTP access during account suspension (SEC-449).

Published: August 01, 2019; 9:15:13 AM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2018-20882

cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447).

Published: August 01, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 6.8 MEDIUM
V2.0: 6.6 MEDIUM
CVE-2018-20879

cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444).

Published: August 01, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 6.3 MEDIUM
V2.0: 6.5 MEDIUM
CVE-2018-20873

cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409).

Published: August 01, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 3.3 LOW
V2.0: 2.1 LOW
CVE-2007-6763

SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.

Published: July 31, 2019; 2:15:10 PM -0400 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2018-20861

libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files.

Published: July 30, 2019; 3:15:13 PM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20860

libopenmpt before 0.3.13 allows a crash with malformed MED files.

Published: July 30, 2019; 3:15:13 PM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20869

cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465).

Published: July 30, 2019; 11:15:10 AM -0400 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2018-20864

cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454).

Published: July 30, 2019; 11:15:10 AM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 6.4 MEDIUM