Search Results
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-14544 | routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. Published: August 02, 2019; 6:15:14 PM -0400 | V4.0: (not available); V3.0: 9.8 CRITICAL; V2.0: 7.5 HIGH |
CVE-2019-7163 | The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password. Published: August 02, 2019; 5:15:11 PM -0400 | V4.0: (not available); V3.0: 9.8 CRITICAL; V2.0: 7.5 HIGH |
CVE-2019-6969 | The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use). Published: August 02, 2019; 5:15:11 PM -0400 | V4.0: (not available); V3.1: 7.5 HIGH; V2.0: 5.0 MEDIUM |
CVE-2019-6968 | The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected. Published: August 02, 2019; 5:15:11 PM -0400 | V4.0: (not available); V3.1: 6.1 MEDIUM; V2.0: 4.3 MEDIUM |
CVE-2019-14541 | GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code. Published: August 02, 2019; 5:15:11 PM -0400 | V4.0: (not available); V3.0: 7.8 HIGH; V2.0: 6.8 MEDIUM |
CVE-2019-10094 | A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later. Published: August 02, 2019; 3:15:11 PM -0400 | V4.0: (not available); V3.0: 7.8 HIGH; V2.0: 6.8 MEDIUM |
CVE-2019-10093 | In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later. Published: August 02, 2019; 3:15:11 PM -0400 | V4.0: (not available); V3.0: 6.5 MEDIUM; V2.0: 4.3 MEDIUM |
CVE-2019-10088 | A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later. Published: August 02, 2019; 3:15:11 PM -0400 | V4.0: (not available); V3.0: 8.8 HIGH; V2.0: 6.8 MEDIUM |
CVE-2019-10961 | In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. Published: August 02, 2019; 1:15:14 PM -0400 | V4.0: (not available); V3.1: 8.8 HIGH; V2.0: 6.8 MEDIUM |
CVE-2017-18463 | cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). Published: August 02, 2019; 1:15:14 PM -0400 | V4.0: (not available); V3.0: 7.8 HIGH; V2.0: 7.2 HIGH |
CVE-2017-18461 | cPanel before 62.0.17 does not preserve security policy questions across an account rename (SEC-223). Published: August 02, 2019; 1:15:14 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 5.0 MEDIUM |
CVE-2017-18460 | cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). Published: August 02, 2019; 1:15:14 PM -0400 | V4.0: (not available); V3.0: 7.8 HIGH; V2.0: 7.2 HIGH |
CVE-2017-18459 | cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). Published: August 02, 2019; 1:15:13 PM -0400 | V4.0: (not available); V3.0: 7.8 HIGH; V2.0: 7.2 HIGH |
CVE-2017-18458 | cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). Published: August 02, 2019; 1:15:13 PM -0400 | V4.0: (not available); V3.0: 3.3 LOW; V2.0: 3.6 LOW |
CVE-2017-18457 | cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). Published: August 02, 2019; 1:15:13 PM -0400 | V4.0: (not available); V3.0: 4.4 MEDIUM; V2.0: 4.9 MEDIUM |
CVE-2017-18456 | cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). Published: August 02, 2019; 1:15:13 PM -0400 | V4.0: (not available); V3.0: 6.1 MEDIUM; V2.0: 4.3 MEDIUM |
CVE-2017-18455 | In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). Published: August 02, 2019; 1:15:13 PM -0400 | V4.0: (not available); V3.0: 2.7 LOW; V2.0: 4.0 MEDIUM |
CVE-2017-18454 | cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). Published: August 02, 2019; 1:15:13 PM -0400 | V4.0: (not available); V3.0: 5.4 MEDIUM; V2.0: 3.5 LOW |
CVE-2017-18453 | cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). Published: August 02, 2019; 1:15:13 PM -0400 | V4.0: (not available); V3.0: 4.9 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2017-18452 | cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). Published: August 02, 2019; 1:15:13 PM -0400 | V4.0: (not available); V3.0: 6.7 MEDIUM; V2.0: 4.6 MEDIUM |