Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14391 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). | |||||
| CVE-2019-14392 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). | |||||
| CVE-2019-14393 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.6 MEDIUM | 5.3 MEDIUM |
| cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). | |||||
| CVE-2019-14396 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). | |||||
| CVE-2019-14397 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). | |||||
| CVE-2019-14398 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). | |||||
| CVE-2019-14400 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). | |||||
| CVE-2019-14401 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). | |||||
| CVE-2019-14402 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). | |||||
| CVE-2019-14405 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487). | |||||
| CVE-2019-14408 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). | |||||
| CVE-2019-14411 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). | |||||
| CVE-2019-14413 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). | |||||
| CVE-2019-1449 | 1 Microsoft | 2 Office, Office 365 Proplus | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'. | |||||
| CVE-2019-14414 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). | |||||
| CVE-2019-14417 | 1 Veritas | 1 Resiliency Platform | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality. | |||||
| CVE-2019-14422 | 1 Tortoisesvn | 1 Tortoisesvn | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside. | |||||
| CVE-2019-14454 | 1 Salesagility | 1 Suitecrm | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. | |||||
| CVE-2019-14458 | 1 Vivotek | 1 Camera | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. | |||||
| CVE-2019-1448 | 1 Microsoft | 3 Excel, Office, Office 365 Proplus | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | |||||