) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2018-20961 |
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. Published: August 07, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
| CVE-2018-14383 |
The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7 Published: August 07, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2016-5431 |
The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens. Published: August 07, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2018-20959 |
Jura E8 devices lack Bluetooth connection security. Published: August 07, 2019; 9:15:13 AM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 4.8 MEDIUM |
| CVE-2018-20958 |
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device. Published: August 07, 2019; 9:15:13 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 3.3 LOW |
| CVE-2017-18483 |
ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a crafted SSID. Published: August 07, 2019; 9:15:13 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10861 |
Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password. Published: August 07, 2019; 9:15:13 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10812 |
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117). Published: August 07, 2019; 9:15:13 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2016-10811 |
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116). Published: August 07, 2019; 9:15:13 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2016-10810 |
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115). Published: August 07, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2016-10809 |
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114). Published: August 07, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2016-10808 |
In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113). Published: August 07, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2016-10807 |
cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112). Published: August 07, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2016-10806 |
cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110). Published: August 07, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2016-10805 |
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109). Published: August 07, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2016-10804 |
The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58). Published: August 07, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 8.7 HIGH |
| CVE-2016-10803 |
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). Published: August 07, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2016-10802 |
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142). Published: August 07, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2016-10801 |
cPanel before 58.0.4 has improper session handling for shared users (SEC-139). Published: August 07, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2016-10800 |
cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138). Published: August 07, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |