Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date
CVE-2018-20968 The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. MEDIUM Aug 19, 2019
CVE-2018-20967 The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. MEDIUM Aug 19, 2019
CVE-2018-20966 The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature. MEDIUM Aug 15, 2019
CVE-2018-20965 The ultimate-member plugin before 2.0.4 for WordPress has XSS. MEDIUM Aug 14, 2019
CVE-2018-20964 The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. MEDIUM Aug 15, 2019
CVE-2018-20963 The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. MEDIUM Aug 15, 2019
CVE-2018-20962 The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type. MEDIUM Aug 15, 2019
CVE-2018-20961 In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. HIGH Aug 7, 2019
CVE-2018-20960 Nespresso Prodigio devices lack Bluetooth connection security. MEDIUM Aug 14, 2019
CVE-2018-20959 Jura E8 devices lack Bluetooth connection security. MEDIUM Aug 14, 2019
CVE-2018-20958 The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device. LOW Aug 15, 2019
CVE-2018-20957 The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. MEDIUM Aug 16, 2019
CVE-2018-20956 Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected customers were migrated by 2020-08-31. LOW Aug 8, 2019
CVE-2018-20955 Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31. HIGH Aug 8, 2019
CVE-2018-20954 The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys. MEDIUM Aug 16, 2019
CVE-2018-20953 cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). MEDIUM Aug 8, 2019
CVE-2018-20952 cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388). MEDIUM Aug 8, 2019
CVE-2018-20951 cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). MEDIUM Aug 7, 2019
CVE-2018-20950 cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). MEDIUM Aug 7, 2019
CVE-2018-20949 cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). MEDIUM Aug 7, 2019
CVE-2018-20948 cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). MEDIUM Aug 7, 2019
CVE-2018-20947 cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). LOW Aug 8, 2019
CVE-2018-20946 cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). LOW Aug 7, 2019
CVE-2018-20945 bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). HIGH Aug 13, 2019
CVE-2018-20944 cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). LOW Aug 7, 2019
CVE-2018-20943 cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). LOW Aug 9, 2019
CVE-2018-20942 cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). LOW Aug 9, 2019
CVE-2018-20941 cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). MEDIUM Aug 8, 2019
CVE-2018-20940 cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). LOW Aug 7, 2019
CVE-2018-20939 cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). LOW Aug 7, 2019
CVE-2018-20938 cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). MEDIUM Aug 9, 2019
CVE-2018-20937 cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). MEDIUM Aug 12, 2019
CVE-2018-20936 cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). LOW Aug 12, 2019
CVE-2018-20935 cPanel before 70.0.23 allows stored XSS via a WHM "Reset a DNS Zone" action (SEC-412). LOW Aug 7, 2019
CVE-2018-20934 cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). MEDIUM Aug 12, 2019
CVE-2018-20933 cPanel before 70.0.23 has Stored XSS via a WHM Edit DNS Zone action (SEC-410). LOW Aug 7, 2019
CVE-2018-20932 cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). MEDIUM Aug 12, 2019
CVE-2018-20931 cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). MEDIUM Aug 12, 2019
CVE-2018-20930 cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). MEDIUM Aug 12, 2019
CVE-2018-20929 cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392). MEDIUM Aug 8, 2019
CVE-2018-20928 cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391). MEDIUM Aug 8, 2019
CVE-2018-20927 cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). LOW Aug 12, 2019
CVE-2018-20926 cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380). HIGH Aug 12, 2019
CVE-2018-20925 cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379). MEDIUM Aug 12, 2019
CVE-2018-20924 cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). HIGH Aug 8, 2019
CVE-2018-20923 cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377). MEDIUM Aug 1, 2019
CVE-2018-20922 cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376). MEDIUM Aug 1, 2019
CVE-2018-20921 cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375). MEDIUM Aug 1, 2019
CVE-2018-20920 cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). MEDIUM Aug 1, 2019
CVE-2018-20919 cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373). MEDIUM Aug 1, 2019
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.