) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-14491 |
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 8.2 HIGH V2.0: 6.4 MEDIUM |
| CVE-2018-20953 |
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20952 |
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2018-20951 |
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20950 |
cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20949 |
cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20948 |
cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20947 |
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2018-20946 |
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2018-20945 |
bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.7 MEDIUM V2.0: 7.9 HIGH |
| CVE-2018-20944 |
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2018-20943 |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 2.5 LOW V2.0: 1.9 LOW |
| CVE-2018-20942 |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 2.5 LOW V2.0: 1.9 LOW |
| CVE-2018-20941 |
cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.6 MEDIUM V2.0: 4.7 MEDIUM |
| CVE-2018-20940 |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2018-20939 |
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2018-20938 |
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 2.7 LOW V2.0: 4.0 MEDIUM |
| CVE-2018-20937 |
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2018-20936 |
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2016-10835 |
cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |