| CVE | Vendors | Products | Updated | CVSS v3.1 |
| cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569). |
| The email quota cache in cPanel before 90.0.10 allows overwriting of files. |
| cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566). |
| cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). |
| cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). |
| cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). |
| cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). |
| cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). |
| In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). |
| In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). |
| In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). |
| In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). |
| In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). |
| chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). |
| cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). |
| cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). |
| The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. |
| A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information. |
| Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. |