CVE List - 2019 / August
Showing 1 - 100 of 2001 CVEs for August 2019 (Page 1 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-14332 | 2019-08-01 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1. |
| CVE-2019-14333 | 2019-08-01 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a pre-authenticated denial of service attack against the access point via a long action parameter... |
| CVE-2019-14334 | 2019-08-01 | An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command. |
| CVE-2019-14336 | 2019-08-01 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request. |
| CVE-2019-14337 | 2019-08-01 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated... |
| CVE-2019-14338 | 2019-08-01 | An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface. |
| CVE-2018-20873 | 2019-08-01 | cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). |
| CVE-2018-20874 | 2019-08-01 | cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428). |
| CVE-2018-20875 | 2019-08-01 | cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433). |
| CVE-2018-20876 | 2019-08-01 | cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434). |
| CVE-2018-20877 | 2019-08-01 | cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437). |
| CVE-2018-20878 | 2019-08-01 | cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441). |
| CVE-2018-20879 | 2019-08-01 | cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444). |
| CVE-2018-20880 | 2019-08-01 | cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445). |
| CVE-2018-20881 | 2019-08-01 | cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446). |
| CVE-2018-20882 | 2019-08-01 | cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). |
| CVE-2018-20883 | 2019-08-01 | cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). |
| CVE-2019-14468 | 2019-08-01 | GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code. |
| CVE-2018-20884 | 2019-08-01 | cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367). |
| CVE-2018-20885 | 2019-08-01 | cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). |
| CVE-2018-20886 | 2019-08-01 | cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). |
| CVE-2018-20887 | 2019-08-01 | cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). |
| CVE-2018-20888 | 2019-08-01 | cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). |
| CVE-2018-20889 | 2019-08-01 | cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). |
| CVE-2018-20890 | 2019-08-01 | cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). |
| CVE-2018-20891 | 2019-08-01 | cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436). |
| CVE-2018-20892 | 2019-08-01 | cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439). |
| CVE-2018-20893 | 2019-08-01 | cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442). |
| CVE-2018-20894 | 2019-08-01 | cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443). |
| CVE-2019-3884 | 2019-08-01 | A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete children of those... |
| CVE-2019-3890 | 2019-08-01 | It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting... |
| CVE-2018-10899 | 2019-08-01 | A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking... |
| CVE-2014-8183 | 2019-08-01 | It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge... |
| CVE-2018-20895 | 2019-08-01 | In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). |
| CVE-2019-0193 | 2019-08-01 | In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come... |
| CVE-2018-20896 | 2019-08-01 | cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). |
| CVE-2018-20897 | 2019-08-01 | cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). |
| CVE-2018-20898 | 2019-08-01 | cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). |
| CVE-2018-20899 | 2019-08-01 | cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398). |
| CVE-2018-20900 | 2019-08-01 | cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399). |
| CVE-2019-14471 | 2019-08-01 | TestLink 1.9.19 has XSS via the error.php message parameter. |
| CVE-2019-14472 | 2019-08-01 | Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. |
| CVE-2013-7474 | 2019-08-01 | Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users. |
| CVE-2018-20901 | 2019-08-01 | cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400). |
| CVE-2018-20902 | 2019-08-01 | cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408). |
| CVE-2013-7473 | 2019-08-01 | Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. |
| CVE-2018-20903 | 2019-08-01 | cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421). |
| CVE-2018-20904 | 2019-08-01 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427). |
| CVE-2018-20905 | 2019-08-01 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429). |
| CVE-2018-20906 | 2019-08-01 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430). |
| CVE-2018-20907 | 2019-08-01 | cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432). |
| CVE-2018-20908 | 2019-08-01 | cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435). |
| CVE-2018-20909 | 2019-08-01 | cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338). |
| CVE-2018-20910 | 2019-08-01 | cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357). |
| CVE-2015-9291 | 2019-08-01 | cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). |
| CVE-2016-10860 | 2019-08-01 | cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66). |
| CVE-2019-13572 | 2019-08-01 | The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. |
| CVE-2016-10859 | 2019-08-01 | cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). |
| CVE-2016-10858 | 2019-08-01 | cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64). |
| CVE-2016-10857 | 2019-08-01 | cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). |
| CVE-2016-10856 | 2019-08-01 | cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). |
| CVE-2018-20911 | 2019-08-01 | cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359). |
| CVE-2016-10855 | 2019-08-01 | cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). |
| CVE-2018-20912 | 2019-08-01 | cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). |
| CVE-2018-20913 | 2019-08-01 | cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364). |
| CVE-2016-10854 | 2019-08-01 | cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87). |
| CVE-2019-14259 | 2019-08-01 | On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web"... |
| CVE-2018-20914 | 2019-08-01 | In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). |
| CVE-2016-10853 | 2019-08-01 | cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86). |
| CVE-2018-20915 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369). |
| CVE-2018-20916 | 2019-08-01 | cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370). |
| CVE-2018-20917 | 2019-08-01 | cPanel before 70.0.23 allows any user to disable Solr (SEC-371). |
| CVE-2016-10852 | 2019-08-01 | cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). |
| CVE-2018-20918 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372). |
| CVE-2016-10851 | 2019-08-01 | cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). |
| CVE-2018-20919 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373). |
| CVE-2018-20920 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). |
| CVE-2018-20921 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375). |
| CVE-2018-20922 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376). |
| CVE-2018-20923 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377). |
| CVE-2016-10850 | 2019-08-01 | cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83). |
| CVE-2018-20924 | 2019-08-01 | cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). |
| CVE-2018-20925 | 2019-08-01 | cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379). |
| CVE-2018-20926 | 2019-08-01 | cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380). |
| CVE-2018-20927 | 2019-08-01 | cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). |
| CVE-2018-20929 | 2019-08-01 | cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392). |
| CVE-2019-14486 | 2019-08-01 | GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code. |
| CVE-2016-10849 | 2019-08-01 | cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82). |
| CVE-2016-10848 | 2019-08-01 | cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). |
| CVE-2016-10847 | 2019-08-01 | cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). |
| CVE-2016-10846 | 2019-08-01 | cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). |
| CVE-2016-10845 | 2019-08-01 | cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78). |
| CVE-2016-10844 | 2019-08-01 | The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77). |
| CVE-2016-10843 | 2019-08-01 | cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76). |
| CVE-2016-10842 | 2019-08-01 | cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74). |
| CVE-2016-10841 | 2019-08-01 | The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73). |
| CVE-2016-10840 | 2019-08-01 | cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). |
| CVE-2016-10839 | 2019-08-01 | cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71). |
| CVE-2018-20928 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391). |
| CVE-2016-10838 | 2019-08-01 | cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). |