Skip to main content
CVE-2019-14404 MEDIUM This Month

cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-14394 MEDIUM This Month

cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-10156 MEDIUM PATCH This Month

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ansible Openstack Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.8%
CVE-2019-4285 MEDIUM PATCH This Month

IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-14390 MEDIUM This Month

cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cpanel
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-14386 MEDIUM This Month

cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tomcat Cpanel
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-14411 MEDIUM This Month

cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2019-14397 MEDIUM This Month

cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2019-14393 MEDIUM This Month

cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Cpanel
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2019-10153 MEDIUM PATCH This Month

A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fence Agents Enterprise Linux Enterprise Linux Server Enterprise Linux Workstation
NVD GitHub
CVSS 3.1
5.0
EPSS
2.2%
CVE-2019-7616 MEDIUM This Month

Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic SSRF Kibana
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2019-5451 MEDIUM This Month

Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Nextcloud Nextcloud Server
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-10163 MEDIUM PATCH This Month

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Authoritative Backports Leap
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-5449 MEDIUM This Month

A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nextcloud Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-10130 MEDIUM This Month

A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PostgreSQL Leap
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2019-14413 MEDIUM This Month

cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2019-14408 MEDIUM This Month

cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2019-14403 MEDIUM This Month

cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cpanel
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2019-1552 LOW Monitor

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

OpenSSL Microsoft Information Disclosure
NVD
CVSS 3.0
3.3
EPSS
0.7%
CVE-2019-14414 LOW Monitor

In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
3.3
EPSS
0.3%
CVE-2019-14412 LOW Monitor

Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Cpanel
NVD
CVSS 3.0
3.3
EPSS
0.4%
CVE-2019-14410 LOW Monitor

Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Cpanel
NVD
CVSS 3.0
3.3
EPSS
0.4%
CVE-2019-14402 LOW Monitor

cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
3.3
EPSS
0.3%
CVE-2019-14396 LOW Monitor

API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
3.3
EPSS
0.3%
CVE-2019-14395 LOW Monitor

cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
3.3
EPSS
0.3%
CVE-2019-14391 LOW Monitor

cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
3.3
EPSS
0.4%
CVE-2019-14407 LOW Monitor

cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
2.7
EPSS
0.7%
CVE-2019-10165 LOW PATCH Monitor

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

Information Disclosure Kubernetes Openshift Container Platform
NVD GitHub
CVSS 3.1
2.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy