Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.