CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1651 CVE-2017-18424 200 +Info 2019-08-02 2019-08-06
2.1
None Local Low Not required Partial None None
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).
1652 CVE-2017-18423 532 2019-08-02 2019-08-06
2.1
None Local Low Not required Partial None None
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).
1653 CVE-2017-18422 275 2019-08-02 2019-08-06
2.1
None Local Low Not required Partial None None
In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).
1654 CVE-2017-18421 284 2019-08-02 2019-08-06
2.1
None Local Low Not required Partial None None
cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).
1655 CVE-2017-18420 79 XSS 2019-08-02 2019-08-05
3.5
None Remote Medium ??? None Partial None
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).
1656 CVE-2017-18419 79 XSS 2019-08-02 2019-08-05
3.5
None Remote Medium ??? None Partial None
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).
1657 CVE-2017-18418 79 XSS 2019-08-02 2019-08-05
3.5
None Remote Medium ??? None Partial None
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).
1658 CVE-2017-18417 79 XSS 2019-08-02 2019-08-05
3.5
None Remote Medium ??? None Partial None
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).
1659 CVE-2017-18416 284 2019-08-02 2019-08-12
3.6
None Local Low Not required None Partial Partial
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).
1660 CVE-2017-18415 20 Exec Code 2019-08-02 2019-08-12
4.6
None Local Low Not required Partial Partial Partial
cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302).
1661 CVE-2017-18414 601 2019-08-02 2019-08-12
5.8
None Remote Medium Not required Partial Partial None
cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300).
1662 CVE-2017-18413 264 2019-08-02 2019-08-12
4.6
None Local Low Not required Partial Partial Partial
In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299).
1663 CVE-2017-18412 532 2019-08-02 2019-08-12
1.9
None Local Medium Not required Partial None None
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).
1664 CVE-2017-18411 20 2019-08-02 2019-08-12
4.0
None Remote Low ??? Partial None None
The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285).
1665 CVE-2017-18410 20 2019-08-02 2019-08-12
4.0
None Remote Low ??? Partial None None
In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284).
1666 CVE-2017-18409 20 2019-08-02 2019-08-12
4.0
None Remote Low ??? Partial None None
In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283).
1667 CVE-2017-18408 79 XSS 2019-08-02 2019-08-12
3.5
None Remote Medium ??? None Partial None
cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282).
1668 CVE-2017-18407 347 2019-08-02 2019-08-12
5.8
None Remote Medium Not required Partial Partial None
cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).
1669 CVE-2017-18406 89 Sql 2019-08-02 2019-08-12
5.0
None Remote Low Not required None Partial None
cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276).
1670 CVE-2017-18405 20 2019-08-02 2019-08-12
2.1
None Local Low Not required Partial None None
cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345).
1671 CVE-2017-18404 284 2019-08-02 2019-08-13
4.9
None Remote Medium ??? None Partial Partial
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341).
1672 CVE-2017-18403 284 Exec Code 2019-08-02 2019-08-13
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).
1673 CVE-2017-18402 79 XSS 2019-08-02 2019-08-13
3.5
None Remote Medium ??? None Partial None
cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336).
1674 CVE-2017-18401 20 2019-08-02 2019-08-13
4.0
None Remote Low ??? None Partial None
cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).
1675 CVE-2017-18400 77 Exec Code 2019-08-02 2019-08-13
7.2
None Local Low Not required Complete Complete Complete
cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333).
1676 CVE-2017-18399 264 2019-08-02 2019-08-13
4.3
None Remote Medium Not required Partial None None
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).
1677 CVE-2017-18398 20 2019-08-02 2019-08-13
5.5
None Remote Low ??? Partial Partial None
DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).
1678 CVE-2017-18397 275 2019-08-02 2019-08-13
2.1
None Local Low Not required Partial None None
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
1679 CVE-2017-18396 200 +Info 2019-08-02 2019-08-13
4.9
None Local Low Not required Complete None None
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).
1680 CVE-2017-18395 20 2019-08-02 2019-08-13
4.0
None Remote Low ??? Partial None None
cPanel before 68.0.15 does not block a username of ssl (SEC-328).
1681 CVE-2017-18394 20 2019-08-02 2019-08-13
4.0
None Remote Low ??? Partial None None
cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).
1682 CVE-2017-18393 20 2019-08-02 2019-08-13
4.0
None Remote Low ??? Partial None None
cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).
1683 CVE-2017-18392 20 2019-08-02 2019-08-13
2.1
None Remote High ??? None Partial None
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).
1684 CVE-2017-18391 200 +Info 2019-08-02 2019-08-09
1.9
None Local Medium Not required Partial None None
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
1685 CVE-2017-18390 275 Exec Code 2019-08-02 2019-08-08
7.2
None Local Low Not required Complete Complete Complete
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).
1686 CVE-2017-18389 74 2019-08-02 2019-08-08
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
1687 CVE-2017-18388 20 2019-08-02 2019-08-09
7.2
None Local Low Not required Complete Complete Complete
cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).
1688 CVE-2017-18387 74 Exec Code 2019-08-02 2019-08-12
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).
1689 CVE-2017-18386 74 Exec Code 2019-08-02 2019-08-06
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
1690 CVE-2017-18385 284 2019-08-02 2019-08-06
2.1
None Local Low Not required Partial None None
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).
1691 CVE-2017-18384 284 2019-08-02 2019-08-06
2.1
None Local Low Not required Partial None None
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).
1692 CVE-2017-18383 264 2019-08-02 2019-08-06
4.6
None Local Low Not required Partial Partial Partial
cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).
1693 CVE-2017-18382 20 2019-08-02 2019-08-06
4.0
None Remote Low ??? Partial None None
cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).
1694 CVE-2017-14232 399 DoS 2019-08-15 2019-10-22
4.3
None Remote Medium Not required None None Partial
The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file.
1695 CVE-2017-14202 119 Exec Code Overflow 2019-08-29 2020-05-13
4.6
None Local Low Not required Partial Partial Partial
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.
1696 CVE-2017-14201 416 DoS Exec Code 2019-08-29 2020-05-13
4.6
None Local Low Not required Partial Partial Partial
Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.
1697 CVE-2016-10936 79 XSS 2019-08-27 2019-08-28
4.3
None Remote Medium Not required None Partial None
The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option.
1698 CVE-2016-10935 264 2019-08-27 2020-02-03
7.5
None Remote Low Not required Partial Partial Partial
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.
1699 CVE-2016-10934 79 XSS 2019-08-27 2019-08-29
4.3
None Remote Medium Not required None Partial None
The check-email plugin before 0.5.2 for WordPress has XSS.
1700 CVE-2016-10933 254 2019-08-26 2019-08-29
4.3
None Remote Medium Not required Partial None None
An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP.
Total number of vulnerabilities : 2004   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 (This Page)35 36 37 38 39 40 41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.