| 245961 | 6.1 MEDIUM | Network | cpanel | cpanel | cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). | CWE-79 Cross-site Scripting | CVE-2018-20865 | 2024-11-21 13:02 | 2019-07-31 |
| 245962 | 6.5 MEDIUM | Network | cpanel | cpanel | cPanel before 76.0.8 allows a persistent Virtual FTP account after removal of its associated domain (SEC-454). | CWE-20 Improper Input Validation | CVE-2018-20864 | 2024-11-21 13:02 | 2019-07-31 |
| 245963 | 9.8 CRITICAL | Network | cpanel | cpanel | cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). | CWE-20 Improper Input Validation | CVE-2018-20863 | 2024-11-21 13:02 | 2019-07-31 |
| 245964 | 7.8 HIGH | Local | cpanel | cpanel | cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). | NVD-CWE-noinfo | CVE-2018-20862 | 2024-11-21 13:02 | 2019-07-31 |
| 245965 | 6.1 MEDIUM | Network | cpanel | cpanel | cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). | CWE-601 Open Redirect | CVE-2018-20867 | 2024-11-21 13:02 | 2019-07-30 |
| 245966 | 7.5 HIGH | Network | zendesk | samlr | Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name. | CWE-20 Improper Input Validation | CVE-2018-20857 | 2024-11-21 13:02 | 2019-07-26 |
| 245967 | 7.8 HIGH | Local | linux | linux_kernel | An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. | CWE-416 Use After Free | CVE-2018-20856 | 2024-11-21 13:02 | 2019-07-26 |
| 245968 | 3.3 LOW | Local | linux opensuse netapp | linux_kernel leap element_software active_iq_performance_analytics_services active_iq_unified_manager data_availability_services | An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-20855 | 2024-11-21 13:02 | 2019-07-26 |
| 245969 | 7.8 HIGH | Local | linux | linux_kernel | An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read. | CWE-125 Out-of-bounds Read | CVE-2018-20854 | 2024-11-21 13:02 | 2019-07-26 |
| 245970 | 5.3 MEDIUM | Network | python | python | http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong serv… | CWE-20 Improper Input Validation | CVE-2018-20852 | 2024-11-21 13:02 | 2019-07-14 |