The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2019-14475 | eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in the ability to read the service messages, clear the system protocol, create a new user in the system, or modify/delete internal programs. | MEDIUM | Aug 13, 2019 |
| CVE-2019-14521 | The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter. | MEDIUM | Aug 13, 2019 |
| CVE-2019-11198 | Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) #300583 - List Manager Dashboard module, (2) #307638 - Campaign Creator module, (3) #316994 - Attributes field, (4) I#316995 - Icon Selection module, (5) #317000 - Latitude field, (6) #317000 - Longitude field, (7) #317017 - UploadPackage2.aspx module, (8) #317072 - Context menu, or (9) I#317073 - Insert from Template dialog. | MEDIUM | Aug 13, 2019 |
| CVE-2019-10994 | Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | MEDIUM | Aug 13, 2019 |
| CVE-2019-10980 | A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). | MEDIUM | Aug 13, 2019 |
| CVE-2019-4473 | Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984. | MEDIUM | Aug 13, 2019 |
| CVE-2019-3717 | Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability. | HIGH | Aug 13, 2019 |
| CVE-2019-14544 | routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. | HIGH | Aug 13, 2019 |
| CVE-2019-14529 | OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | HIGH | Aug 13, 2019 |
| CVE-2019-14528 | GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/scanner.l via crafted COBOL source code. | MEDIUM | Aug 13, 2019 |
| CVE-2019-10176 | A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user\'s session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack. | MEDIUM | Aug 13, 2019 |
| CVE-2017-18431 | cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). | MEDIUM | Aug 13, 2019 |
| CVE-2017-18404 | cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | MEDIUM | Aug 13, 2019 |
| CVE-2017-18403 | cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). | MEDIUM | Aug 13, 2019 |
| CVE-2017-18402 | cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336). | LOW | Aug 13, 2019 |
| CVE-2017-18401 | cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334). | MEDIUM | Aug 13, 2019 |
| CVE-2017-18400 | cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333). | HIGH | Aug 13, 2019 |
| CVE-2017-18399 | cPanel before 68.0.15 allows attackers to read root\'s crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332). | MEDIUM | Aug 13, 2019 |
| CVE-2017-18398 | DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331). | MEDIUM | Aug 13, 2019 |
| CVE-2017-18397 | cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). | LOW | Aug 13, 2019 |
| CVE-2017-18396 | cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329). | MEDIUM | Aug 13, 2019 |
| CVE-2017-18395 | cPanel before 68.0.15 does not block a username of ssl (SEC-328). | MEDIUM | Aug 13, 2019 |
| CVE-2017-18394 | cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). | MEDIUM | Aug 13, 2019 |
| CVE-2017-18393 | cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). | MEDIUM | Aug 13, 2019 |
| CVE-2017-18392 | cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). | LOW | Aug 13, 2019 |
| CVE-2019-14486 | GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code. | MEDIUM | Aug 13, 2019 |
| CVE-2019-13572 | The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. | HIGH | Aug 13, 2019 |
| CVE-2018-20945 | bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). | HIGH | Aug 13, 2019 |
| CVE-2016-10839 | cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71). | MEDIUM | Aug 13, 2019 |
| CVE-2016-10838 | cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). | MEDIUM | Aug 13, 2019 |
| CVE-2016-10836 | cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). | MEDIUM | Aug 13, 2019 |
| CVE-2016-10814 | cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). | MEDIUM | Aug 13, 2019 |
| CVE-2019-14313 | A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php. | HIGH | Aug 13, 2019 |
| CVE-2019-14439 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. | MEDIUM | Aug 13, 2019 |
| CVE-2019-13635 | The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal. | MEDIUM | Aug 13, 2019 |
| CVE-2019-14364 | An XSS vulnerability in the \"Email Subscribers & Newsletters\" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter. | MEDIUM | Aug 13, 2019 |
| CVE-2006-5001 | Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. | MEDIUM | Aug 13, 2019 |
| CVE-2006-5000 | Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. | MEDIUM | Aug 13, 2019 |
| CVE-2006-4847 | Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands. | MEDIUM | Aug 13, 2019 |
| CVE-2004-1885 | Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe. | HIGH | Aug 13, 2019 |
| CVE-2004-1883 | Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred. | HIGH | Aug 13, 2019 |
| CVE-2004-1848 | Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file. | MEDIUM | Aug 13, 2019 |
| CVE-2004-1643 | WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a \"../\" sequence. | MEDIUM | Aug 13, 2019 |
| CVE-2004-1884 | Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. | HIGH | Aug 13, 2019 |
| CVE-2003-0772 | Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments. | HIGH | Aug 13, 2019 |
| CVE-2002-0826 | Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command. | HIGH | Aug 13, 2019 |
| CVE-2001-1021 | Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD. | HIGH | Aug 13, 2019 |
| CVE-1999-1171 | IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the \"flags\" registry key to 1920. | MEDIUM | Aug 13, 2019 |
| CVE-1999-1170 | IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the \"flags\" registry key to 1920. | MEDIUM | Aug 13, 2019 |
| CVE-2019-13173 | fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system\'s file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable. | MEDIUM | Aug 13, 2019 |
