CVE List - 2019 / August
Showing 101 - 200 of 2001 CVEs for August 2019 (Page 2 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2016-10837 | 2019-08-01 | cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46). |
| CVE-2018-20930 | 2019-08-01 | cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). |
| CVE-2018-20931 | 2019-08-01 | cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). |
| CVE-2018-20932 | 2019-08-01 | cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). |
| CVE-2018-20933 | 2019-08-01 | cPanel before 70.0.23 has Stored XSS via a WHM Edit DNS Zone action (SEC-410). |
| CVE-2018-20934 | 2019-08-01 | cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). |
| CVE-2018-20935 | 2019-08-01 | cPanel before 70.0.23 allows stored XSS via a WHM "Reset a DNS Zone" action (SEC-412). |
| CVE-2016-10836 | 2019-08-01 | cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). |
| CVE-2019-14491 | 2019-08-01 | An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of... |
| CVE-2019-14492 | 2019-08-01 | An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of... |
| CVE-2019-14493 | 2019-08-01 | An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. |
| CVE-2019-14494 | 2019-08-01 | An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. |
| CVE-2018-20936 | 2019-08-01 | cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). |
| CVE-2016-10835 | 2019-08-01 | cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). |
| CVE-2018-20937 | 2019-08-01 | cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). |
| CVE-2016-10834 | 2019-08-01 | cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105). |
| CVE-2018-20938 | 2019-08-01 | cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). |
| CVE-2018-20939 | 2019-08-01 | cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). |
| CVE-2018-20940 | 2019-08-01 | cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). |
| CVE-2016-10833 | 2019-08-01 | cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). |
| CVE-2018-20941 | 2019-08-01 | cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). |
| CVE-2018-20942 | 2019-08-01 | cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). |
| CVE-2018-20943 | 2019-08-01 | cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). |
| CVE-2016-10832 | 2019-08-01 | cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). |
| CVE-2018-20944 | 2019-08-01 | cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). |
| CVE-2018-20945 | 2019-08-01 | bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). |
| CVE-2018-20946 | 2019-08-01 | cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). |
| CVE-2018-20947 | 2019-08-01 | cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). |
| CVE-2018-20948 | 2019-08-01 | cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). |
| CVE-2018-20949 | 2019-08-01 | cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). |
| CVE-2018-20950 | 2019-08-01 | cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). |
| CVE-2018-20951 | 2019-08-01 | cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). |
| CVE-2018-20952 | 2019-08-01 | cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388). |
| CVE-2018-20953 | 2019-08-01 | cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). |
| CVE-2016-10831 | 2019-08-01 | cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101). |
| CVE-2016-10830 | 2019-08-01 | cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100). |
| CVE-2016-10829 | 2019-08-01 | cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). |
| CVE-2016-10828 | 2019-08-01 | cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97). |
| CVE-2016-10827 | 2019-08-01 | cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96). |
| CVE-2016-10825 | 2019-08-01 | cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). |
| CVE-2016-10824 | 2019-08-01 | cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90). |
| CVE-2016-10823 | 2019-08-01 | cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89). |
| CVE-2016-10822 | 2019-08-01 | cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88). |
| CVE-2019-14495 | 2019-08-01 | webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface. |
| CVE-2019-9140 | 2019-08-01 | Happypoint mobile application information disclosure vulnerability |
| CVE-2019-14496 | 2019-08-01 | LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow. |
| CVE-2019-14497 | 2019-08-01 | ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow. |
| CVE-2016-10826 | 2019-08-01 | cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). |
| CVE-2016-10821 | 2019-08-01 | In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). |
| CVE-2016-10820 | 2019-08-01 | cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). |
| CVE-2016-10819 | 2019-08-01 | In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). |
| CVE-2016-10818 | 2019-08-01 | cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). |
| CVE-2016-10817 | 2019-08-01 | cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123). |
| CVE-2016-10816 | 2019-08-01 | cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121). |
| CVE-2016-10815 | 2019-08-01 | cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120). |
| CVE-2016-10814 | 2019-08-01 | cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). |
| CVE-2016-10813 | 2019-08-01 | cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118). |
| CVE-2019-14260 | 2019-08-01 | On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password... |
| CVE-2019-14513 | 2019-08-01 | Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the... |
| CVE-2019-5401 | 2019-08-01 | A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an XSS injection by setting the attack vector in one of the switch persistent configuration fields... |
| CVE-2019-14517 | 2019-08-01 | pandao Editor.md 1.5.0 allows XSS via the Javascript: string. |
| CVE-2019-14232 | 2019-08-02 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely... |
| CVE-2019-14524 | 2019-08-02 | An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than... |
| CVE-2019-14523 | 2019-08-02 | An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c. |
| CVE-2014-8184 | 2019-08-02 | A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause... |
| CVE-2019-10166 | 2019-08-02 | It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save... |
| CVE-2019-10167 | 2019-08-02 | The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute... |
| CVE-2019-10168 | 2019-08-02 | The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will... |
| CVE-2017-18382 | 2019-08-02 | cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). |
| CVE-2017-18383 | 2019-08-02 | cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). |
| CVE-2017-18384 | 2019-08-02 | cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). |
| CVE-2017-18385 | 2019-08-02 | cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). |
| CVE-2017-18386 | 2019-08-02 | cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). |
| CVE-2017-18387 | 2019-08-02 | cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314). |
| CVE-2017-18388 | 2019-08-02 | cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). |
| CVE-2017-18389 | 2019-08-02 | cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). |
| CVE-2017-18390 | 2019-08-02 | cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). |
| CVE-2017-18391 | 2019-08-02 | cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). |
| CVE-2017-18392 | 2019-08-02 | cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). |
| CVE-2017-18393 | 2019-08-02 | cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). |
| CVE-2017-18394 | 2019-08-02 | cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). |
| CVE-2017-18395 | 2019-08-02 | cPanel before 68.0.15 does not block a username of ssl (SEC-328). |
| CVE-2017-18396 | 2019-08-02 | cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329). |
| CVE-2017-18397 | 2019-08-02 | cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). |
| CVE-2017-18398 | 2019-08-02 | DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331). |
| CVE-2017-18399 | 2019-08-02 | cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332). |
| CVE-2017-18400 | 2019-08-02 | cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333). |
| CVE-2017-18401 | 2019-08-02 | cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334). |
| CVE-2017-18402 | 2019-08-02 | cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336). |
| CVE-2017-18403 | 2019-08-02 | cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). |
| CVE-2017-18404 | 2019-08-02 | cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). |
| CVE-2017-18405 | 2019-08-02 | cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345). |
| CVE-2019-14528 | 2019-08-02 | GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/scanner.l via crafted COBOL source code. |
| CVE-2017-18406 | 2019-08-02 | cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276). |
| CVE-2019-14529 | 2019-08-02 | OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. |
| CVE-2017-18407 | 2019-08-02 | cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279). |
| CVE-2017-18408 | 2019-08-02 | cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282). |
| CVE-2017-18409 | 2019-08-02 | In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283). |
| CVE-2017-18410 | 2019-08-02 | In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284). |
| CVE-2019-10171 | 2019-08-02 | It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU... |