The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2018-20968 | The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. | MEDIUM | Aug 19, 2019 |
CVE-2018-20967 | The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. | MEDIUM | Aug 19, 2019 |
CVE-2018-20966 | The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature. | MEDIUM | Aug 15, 2019 |
CVE-2018-20965 | The ultimate-member plugin before 2.0.4 for WordPress has XSS. | MEDIUM | Aug 14, 2019 |
CVE-2018-20964 | The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. | MEDIUM | Aug 15, 2019 |
CVE-2018-20963 | The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. | MEDIUM | Aug 15, 2019 |
CVE-2018-20962 | The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type. | MEDIUM | Aug 15, 2019 |
CVE-2018-20961 | In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. | HIGH | Aug 7, 2019 |
CVE-2018-20960 | Nespresso Prodigio devices lack Bluetooth connection security. | MEDIUM | Aug 14, 2019 |
CVE-2018-20959 | Jura E8 devices lack Bluetooth connection security. | MEDIUM | Aug 14, 2019 |
CVE-2018-20958 | The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device. | LOW | Aug 15, 2019 |
CVE-2018-20957 | The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. | MEDIUM | Aug 16, 2019 |
CVE-2018-20956 | Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected customers were migrated by 2020-08-31. | LOW | Aug 8, 2019 |
CVE-2018-20955 | Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31. | HIGH | Aug 8, 2019 |
CVE-2018-20954 | The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys. | MEDIUM | Aug 16, 2019 |
CVE-2018-20953 | cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). | MEDIUM | Aug 8, 2019 |
CVE-2018-20952 | cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388). | MEDIUM | Aug 8, 2019 |
CVE-2018-20951 | cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). | MEDIUM | Aug 7, 2019 |
CVE-2018-20950 | cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). | MEDIUM | Aug 7, 2019 |
CVE-2018-20949 | cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). | MEDIUM | Aug 7, 2019 |
CVE-2018-20948 | cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). | MEDIUM | Aug 7, 2019 |
CVE-2018-20947 | cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). | LOW | Aug 8, 2019 |
CVE-2018-20946 | cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | LOW | Aug 7, 2019 |
CVE-2018-20945 | bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). | HIGH | Aug 13, 2019 |
CVE-2018-20944 | cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). | LOW | Aug 7, 2019 |
CVE-2018-20943 | cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | LOW | Aug 9, 2019 |
CVE-2018-20942 | cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). | LOW | Aug 9, 2019 |
CVE-2018-20941 | cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). | MEDIUM | Aug 8, 2019 |
CVE-2018-20940 | cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). | LOW | Aug 7, 2019 |
CVE-2018-20939 | cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | LOW | Aug 7, 2019 |
CVE-2018-20938 | cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). | MEDIUM | Aug 9, 2019 |
CVE-2018-20937 | cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | MEDIUM | Aug 12, 2019 |
CVE-2018-20936 | cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | LOW | Aug 12, 2019 |
CVE-2018-20935 | cPanel before 70.0.23 allows stored XSS via a WHM "Reset a DNS Zone" action (SEC-412). | LOW | Aug 7, 2019 |
CVE-2018-20934 | cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). | MEDIUM | Aug 12, 2019 |
CVE-2018-20933 | cPanel before 70.0.23 has Stored XSS via a WHM Edit DNS Zone action (SEC-410). | LOW | Aug 7, 2019 |
CVE-2018-20932 | cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). | MEDIUM | Aug 12, 2019 |
CVE-2018-20931 | cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). | MEDIUM | Aug 12, 2019 |
CVE-2018-20930 | cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). | MEDIUM | Aug 12, 2019 |
CVE-2018-20929 | cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392). | MEDIUM | Aug 8, 2019 |
CVE-2018-20928 | cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391). | MEDIUM | Aug 8, 2019 |
CVE-2018-20927 | cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | LOW | Aug 12, 2019 |
CVE-2018-20926 | cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380). | HIGH | Aug 12, 2019 |
CVE-2018-20925 | cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379). | MEDIUM | Aug 12, 2019 |
CVE-2018-20924 | cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). | HIGH | Aug 8, 2019 |
CVE-2018-20923 | cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377). | MEDIUM | Aug 1, 2019 |
CVE-2018-20922 | cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376). | MEDIUM | Aug 1, 2019 |
CVE-2018-20921 | cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375). | MEDIUM | Aug 1, 2019 |
CVE-2018-20920 | cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). | MEDIUM | Aug 1, 2019 |
CVE-2018-20919 | cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373). | MEDIUM | Aug 1, 2019 |