Total
12364 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18431 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). | ||||
| CVE-2017-18430 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). | ||||
| CVE-2017-18415 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302). | ||||
| CVE-2017-18411 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285). | ||||
| CVE-2017-18410 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284). | ||||
| CVE-2017-18409 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283). | ||||
| CVE-2017-18405 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345). | ||||
| CVE-2017-18401 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334). | ||||
| CVE-2017-18398 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331). | ||||
| CVE-2017-18395 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.15 does not block a username of ssl (SEC-328). | ||||
| CVE-2017-18394 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). | ||||
| CVE-2017-18393 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). | ||||
| CVE-2017-18392 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). | ||||
| CVE-2017-18388 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). | ||||
| CVE-2017-18382 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | ||||
| CVE-2017-18367 | 2 Libseccomp-golang Project, Redhat | 2 Libseccomp-golang, Openshift | 2024-11-21 | N/A |
| libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument. | ||||
| CVE-2017-18359 | 2 Debian, Postgis | 2 Debian Linux, Postgis | 2024-11-21 | 7.5 High |
| PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled. | ||||
| CVE-2017-18349 | 2 Alibaba, Pippo | 2 Fastjson, Pippo | 2024-11-21 | N/A |
| parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java. | ||||
| CVE-2017-18342 | 2 Fedoraproject, Pyyaml | 2 Fedora, Pyyaml | 2024-11-21 | 9.8 Critical |
| In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. | ||||
| CVE-2017-18320 | 1 Qualcomm | 64 Msm8996au, Msm8996au Firmware, Sd 410 and 61 more | 2024-11-21 | N/A |
| QSEE unload attempt on a 3rd party TEE without previously loading results in a data abort in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130. | ||||