U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
There are 243,612 matching records.
Displaying matches 123,181 through 123,200.
Vuln ID Summary CVSS Severity
CVE-2017-18472

cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18471

cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18470

cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 4.0 MEDIUM
CVE-2017-18469

cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.3 MEDIUM
V2.0: 6.5 MEDIUM
CVE-2016-10775

cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2016-10774

cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2016-10773

cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2016-10772

cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 3.3 LOW
V2.0: 2.1 LOW
CVE-2016-10771

cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2016-10770

cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2016-10769

cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2016-10768

cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2016-10767

cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-14663

Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fileio.c via crafted BASIC source code.

Published: August 05, 2019; 8:15:12 AM -0400 		V4.0:(not available)
 V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-14662

Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in fileio.c via crafted BASIC source code.

Published: August 05, 2019; 8:15:12 AM -0400 		V4.0:(not available)
 V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-14525

In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call.

Published: August 05, 2019; 8:15:11 AM -0400 		V4.0:(not available)
 V3.0: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2019-14521

The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter.

Published: August 05, 2019; 8:15:11 AM -0400 		V4.0:(not available)
 V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-18468

cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).

Published: August 05, 2019; 8:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.3 MEDIUM
V2.0: 6.5 MEDIUM
CVE-2017-18467

cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229).

Published: August 05, 2019; 8:15:11 AM -0400 		V4.0:(not available)
 V3.0: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2017-18466

cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).

Published: August 05, 2019; 8:15:11 AM -0400 		V4.0:(not available)
 V3.0: 2.7 LOW
V2.0: 4.0 MEDIUM