| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). |
| cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). |
| cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). |
| cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). |
| J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. |
| DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. |
| libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot. |
| libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. |
| SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. |
| ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. |
| An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a heap-based buffer over-read in libpng via a crafted flif file. |
| In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c. |
| An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag. |
| In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service. |
| Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file. |
| Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp. |
| Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.). |
| WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.). |
| The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.). |
| An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter. |
