Total
981 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20898 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). | |||||
| CVE-2017-18387 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 9.0 HIGH | 7.2 HIGH |
| cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314). | |||||
| CVE-2017-18437 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 3.6 LOW | 4.4 MEDIUM |
| cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). | |||||
| CVE-2019-7889 | 1 Magento | 1 Magento | 2019-08-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with marketing manipulation privileges can invoke methods that alter data of the underlying model followed by corresponding database modifications. | |||||
| CVE-2016-10845 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 6.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78). | |||||
| CVE-2016-10847 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). | |||||
| CVE-2017-18389 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). | |||||
| CVE-2017-18386 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 9.0 HIGH | 7.2 HIGH |
| cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). | |||||
| CVE-2018-20914 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 4.9 MEDIUM | 7.3 HIGH |
| In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). | |||||
| CVE-2018-20885 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). | |||||
| CVE-2019-1020006 | 1 Inveniosoftware | 1 Invenio-app | 2019-08-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| invenio-app before 1.1.1 allows host header injection. | |||||
| CVE-2016-10761 | 1 Logitech | 10 K360, K360 Firmware, K400r and 7 more | 2019-07-08 | 3.3 LOW | 6.5 MEDIUM |
| Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack. | |||||
| CVE-2019-6800 | 1 Titanhq | 1 Spamtitan | 2019-06-06 | 8.5 HIGH | 7.5 HIGH |
| In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands. | |||||
| CVE-2016-8900 | 1 Exponentcms | 1 Exponent Cms | 2019-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags. | |||||
| CVE-2016-8901 | 1 B2evolution | 1 B2evolution | 2019-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php. | |||||
| CVE-2016-8899 | 1 Exponentcms | 1 Exponent Cms | 2019-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats. | |||||
| CVE-2017-1000493 | 1 Rocket.chat | 1 Rocket.chat | 2019-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover | |||||
| CVE-2017-17511 | 2 Debian, Kildclient | 2 Debian Linux, Kildclient | 2019-04-26 | 6.8 MEDIUM | 8.8 HIGH |
| KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c. | |||||
| CVE-2015-5462 | 1 Axiomsl | 1 Axiom | 2019-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features. | |||||
| CVE-2018-4153 | 1 Apple | 1 Mac Os X | 2019-04-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| An injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14. | |||||