) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2014-8183 |
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. Published: August 01, 2019; 10:15:10 AM -0400 |
V4.0:(not available) V3.1: 7.4 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-14468 |
GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code. Published: August 01, 2019; 9:15:14 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2019-14338 |
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface. Published: August 01, 2019; 9:15:14 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-14337 |
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the `/bin/sh -c wget` sequence. Published: August 01, 2019; 9:15:14 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2019-14336 |
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request. Published: August 01, 2019; 9:15:14 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2019-14334 |
An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command. Published: August 01, 2019; 9:15:14 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2019-14333 |
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a pre-authenticated denial of service attack against the access point via a long action parameter to admin.cgi. Published: August 01, 2019; 9:15:14 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
| CVE-2019-14332 |
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1. Published: August 01, 2019; 9:15:13 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
| CVE-2018-20885 |
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). Published: August 01, 2019; 9:15:13 AM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2018-20884 |
cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367). Published: August 01, 2019; 9:15:13 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2018-20883 |
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). Published: August 01, 2019; 9:15:13 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2018-20882 |
cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). Published: August 01, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 6.8 MEDIUM V2.0: 6.6 MEDIUM |
| CVE-2018-20881 |
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446). Published: August 01, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2018-20880 |
cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445). Published: August 01, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2018-20879 |
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444). Published: August 01, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 6.3 MEDIUM V2.0: 6.5 MEDIUM |
| CVE-2018-20878 |
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441). Published: August 01, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2018-20877 |
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437). Published: August 01, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2018-20876 |
cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434). Published: August 01, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2018-20875 |
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433). Published: August 01, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2018-20874 |
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428). Published: August 01, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |