| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside. |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality. |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality. |
| In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). |
| cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). |
| cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). |
| cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). |
| cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). |
| cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). |
| cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487). |
| cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). |
| cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). |
| cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). |
| cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). |
| The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). |
| cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). |
| cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). |
| API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). |
| cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). |
| cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). |
