Skip to main content
CVE-2019-5452 LOW POC Monitor

Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nextcloud Google
NVD
CVSS 3.1
2.4
EPSS
0.4%
CVE-2019-1552 LOW Monitor

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

OpenSSL Microsoft Information Disclosure
NVD
CVSS 3.0
3.3
EPSS
0.7%
CVE-2019-14414 LOW Monitor

In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
3.3
EPSS
0.3%
CVE-2019-14412 LOW Monitor

Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Cpanel
NVD
CVSS 3.0
3.3
EPSS
0.4%
CVE-2019-14410 LOW Monitor

Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Cpanel
NVD
CVSS 3.0
3.3
EPSS
0.4%
CVE-2019-14402 LOW Monitor

cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
3.3
EPSS
0.3%
CVE-2019-14396 LOW Monitor

API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
3.3
EPSS
0.3%
CVE-2019-14395 LOW Monitor

cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
3.3
EPSS
0.3%
CVE-2019-14391 LOW Monitor

cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
3.3
EPSS
0.4%
CVE-2019-14407 LOW Monitor

cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.0
2.7
EPSS
0.7%
CVE-2019-10165 LOW PATCH Monitor

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

Information Disclosure Kubernetes Openshift Container Platform
NVD GitHub
CVSS 3.1
2.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy