Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

216537 entries
ID Description Priority Modified date
CVE-2017-18501 The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. MEDIUM Aug 16, 2019
CVE-2017-18500 The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. MEDIUM Aug 16, 2019
CVE-2017-18499 The simple-membership plugin before 3.5.7 for WordPress has XSS. MEDIUM Aug 16, 2019
CVE-2017-18498 The simple-job-board plugin before 2.4.4 for WordPress has reflected XSS via keyword search. MEDIUM Aug 15, 2019
CVE-2017-18497 The liveforms plugin before 3.4.0 for WordPress has XSS. MEDIUM Aug 15, 2019
CVE-2017-18496 The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. MEDIUM Aug 15, 2019
CVE-2017-18495 The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS. MEDIUM Aug 15, 2019
CVE-2017-18494 The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues. MEDIUM Aug 15, 2019
CVE-2017-18493 The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues. MEDIUM Aug 16, 2019
CVE-2017-18492 The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues. MEDIUM Aug 16, 2019
CVE-2017-18491 The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues. MEDIUM Aug 16, 2019
CVE-2017-18490 The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues. MEDIUM Aug 16, 2019
CVE-2017-18489 The contact-form-7-sms-addon plugin before 2.4.0 for WordPress has XSS. MEDIUM Aug 16, 2019
CVE-2017-18488 The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues. MEDIUM Aug 15, 2019
CVE-2017-18487 The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues. MEDIUM Aug 15, 2019
CVE-2017-18486 Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user. MEDIUM Aug 19, 2019
CVE-2017-18485 Cognitoys Dino devices allow profiles_add.html CSRF. MEDIUM Aug 15, 2019
CVE-2017-18484 Cognitoys Dino devices allow XSS via the SSID. MEDIUM Aug 15, 2019
CVE-2017-18483 ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a crafted SSID. MEDIUM Aug 14, 2019
CVE-2017-18482 cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213). MEDIUM Aug 12, 2019
CVE-2017-18481 cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). LOW Aug 7, 2019
CVE-2017-18480 cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210). MEDIUM Aug 12, 2019
CVE-2017-18479 In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209). MEDIUM Aug 12, 2019
CVE-2017-18478 In cPanel before 62.0.4, incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). MEDIUM Aug 12, 2019
CVE-2017-18477 In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). MEDIUM Aug 12, 2019
CVE-2017-18476 Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205). MEDIUM Aug 12, 2019
CVE-2017-18475 In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204). MEDIUM Aug 12, 2019
CVE-2017-18474 cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201). MEDIUM Aug 12, 2019
CVE-2017-18473 cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). LOW Aug 7, 2019
CVE-2017-18472 cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198). MEDIUM Aug 7, 2019
CVE-2017-18471 cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). LOW Aug 7, 2019
CVE-2017-18470 cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196). MEDIUM Aug 12, 2019
CVE-2017-18469 cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). MEDIUM Aug 8, 2019
CVE-2017-18468 cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). MEDIUM Aug 12, 2019
CVE-2017-18467 cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). MEDIUM Aug 12, 2019
CVE-2017-18466 cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). MEDIUM Aug 12, 2019
CVE-2017-18465 cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227). LOW Aug 12, 2019
CVE-2017-18464 cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226). MEDIUM Aug 12, 2019
CVE-2017-18463 cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). HIGH Aug 6, 2019
CVE-2017-18462 cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP-based protection is enabled (SEC-224). MEDIUM Aug 12, 2019
CVE-2017-18461 cPanel before 62.0.17 does not preserve security policy questions across an account rename (SEC-223). MEDIUM Aug 8, 2019
CVE-2017-18460 cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). HIGH Aug 7, 2019
CVE-2017-18459 cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). HIGH Aug 7, 2019
CVE-2017-18458 cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). LOW Aug 6, 2019
CVE-2017-18457 cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). MEDIUM Aug 9, 2019
CVE-2017-18456 cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). MEDIUM Aug 8, 2019
CVE-2017-18455 In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). MEDIUM Aug 8, 2019
CVE-2017-18454 cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). LOW Aug 6, 2019
CVE-2017-18453 cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). MEDIUM Aug 6, 2019
CVE-2017-18452 cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). MEDIUM Aug 14, 2019
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.

Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.