| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). |
| cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464). |
| cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). |
| cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461). |
| cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). |
| cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454). |
| cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). |
| cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). |
| libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. |
| libopenmpt before 0.3.13 allows a crash with malformed MED files. |
| edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem. |
| Recommender before 2018-07-18 allows XSS. |
| Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name. |
| An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. |
| An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. |
| An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read. |
| An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks. |
| http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. |
| Helpy before 2.2.0 allows agents to edit admins. |
| Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server. |
