Weekly Vulnerabilities Reports > July 29 to August 4, 2019

A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21.

In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution.

A flaw was found in Jolokia versions from 1.2 to before 1.6.1.

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7.

A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges.

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts.

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1.

ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file.

cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79).

cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).

Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor.

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1.

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification.

SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.

bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354).

A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21.

A vulnerability was found in liblouis, versions 2.5.x before 2.5.4.

An issue was discovered in Schism Tracker through 20190722.

An issue was discovered in Schism Tracker through 20190722.

ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow.

LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow.

fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow.

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process.

PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled.

On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.

On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.

Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive.

An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.

The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password.

ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method.

cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).

An issue was discovered in The Sleuth Kit (TSK) 4.6.6.

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.

A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions).

It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5.

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.

An issue was discovered in Poppler through 0.78.0.

cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378).

cPanel before 74.0.0 allows SQL injection during database backups (SEC-420).

An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8.

nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).

An issue was discovered in Das U-Boot through 2019.07.

An issue was discovered in Das U-Boot through 2019.07.

An issue was discovered in Das U-Boot through 2019.07.

An issue was discovered in Das U-Boot through 2019.07.

An issue was discovered in Das U-Boot through 2019.07.

An issue was discovered in Das U-Boot through 2019.07.

An issue was discovered in Das U-Boot through 2019.07.

An issue was discovered in Das U-Boot through 2019.07.

An issue was discovered in Das U-Boot through 2019.07.

An issue was discovered in Das U-Boot through 2019.07.

An issue was discovered in Das U-Boot through 2019.07.

An issue was discovered in Das U-Boot through 2019.07.

OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker.

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1.

A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20.

cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452).

edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2.

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request.

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.

yard before 0.9.20 allows path traversal.

It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources.

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0.

One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks.

cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225).

cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221).

cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220).

cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237).

cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333).

cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).

cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).

cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380).

In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter.

The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials.

An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection.

cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479).

cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465).

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1.

Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts.

Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree.

IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code.

GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/scanner.l via crafted COBOL source code.

cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).

GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code.

cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).

Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account.

GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code.

Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4.

An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4.

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4.

An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4.

CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.

Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.

In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("other" write access) occur in certain cases (GE-6890).

edx-platform before 2016-06-06 allows CSRF.

cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447).

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code.

In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs.

cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251).

cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250).

cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243).

cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).

cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).

cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).

cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).

cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).

cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).

cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).

cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101).

cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).

cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).

cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362).

cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359).

In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393).

cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444).

It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files.

Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file.

SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.

Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.

J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.

DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.

libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files.

libopenmpt before 0.3.13 allows a crash with malformed MED files.

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform.

A vulnerability was found in postgresql versions 11.x prior to 11.3.

cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487).

cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480).

cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498).

cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501).

An issue was discovered in Libav 12.3.

In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption.

An issue was discovered in Libav 12.3.

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.

Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file.

edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.

SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority.

cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).

cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401).

An issue was discovered in Das U-Boot through 2019.07.

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1.

cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454).

The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal.

A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options.

A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information.

edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.

The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477).

A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode.

A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request.

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.

cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300).

cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).

When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly.

cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392).

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates.

An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop.

cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462).

The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header.

invenio-app before 1.1.1 allows host header injection.

ASH-AIO before 2.0.0.3 allows an open redirect.

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes.

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks.

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a denial of service.

DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).

cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).

cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).

cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80).

cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76).

cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71).

cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429).

cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66).

cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65).

XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow.

Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log.

Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.

Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export.

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution.

Double Free in VLC versions <= 3.0.6 leads to a crash.

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.

docker-credential-helpers before 0.6.3 has a double free in the List functions.

A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session.

A vulnerability exists in the garbage collection mechanism of atomic-openshift.

Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables.

A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser.

Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser.

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.

An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input.

A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.

A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.

A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.

An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.

A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules.

The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use).

cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223).

cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257).

cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252).

cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248).

cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247).

cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246).

cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941).

Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers.

cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276).

An issue was discovered in OpenCV before 4.1.1.

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1.

cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).

cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).

cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416).

IBM StoreIQ 7.6.0.0.

Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control.

cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473).

cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496).

cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507).

libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot.

The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk.

An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4.

edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address.

HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/ initial URI substring, aka Response Discrepancy Information Exposure.

Fleet before 2.1.2 allows exposure of SMTP credentials.

Tridactyl before 1.16.0 allows fake key events.

Pterodactyl before 0.7.14 with 2FA allows credential sniffing.

graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.

parse-server before 3.6.0 allows account enumeration.

parse-server before 3.4.1 allows DoS after any POST to a volatile class.

cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218).

cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341).

cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).

In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).

cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).

cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424).

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices.

Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form.

Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer.

cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484).

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1.

cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).

cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259).

In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294).

cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302).

In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299).

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain.

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain.

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files.

cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).

cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379).

cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418).

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices.

Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML.

A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17.

cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486).

See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to.

cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255).

pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element.

A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation.

The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected.

cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217).

Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker.

cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).

pandao Editor.md 1.5.0 allows XSS via the Javas&#99;ript: string.

cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).

cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).

cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).

cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).

cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383).

cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391).

Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO.

TestLink 1.9.19 has XSS via the error.php message parameter.

cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).

cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).

cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).

cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374).

cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).

cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372).

cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357).

cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).

cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).

Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users.

cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).

cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices.

DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649.

An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1.

IBM StoreIQ 7.6.0.0.

Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.

A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.

Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins.

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages.

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.

libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files.

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation.

cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493).

cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483).

cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464).

cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461).

cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).

cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).

A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin settings.

Planon before Live Build 41 has XSS.

Imgix through 2019-06-19 allows remote attackers to cause a denial of service (resource consumption) by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled during an attempt to load the 'whole image' into memory.

edx-platform before 2015-09-17 allows XSS via a team name.

stacktable.js before 1.0.4 allows XSS.

invenio-previewer before 1.0.0a12 allows XSS.

Misskey before 10.102.4 allows hijacking a user's token.

An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208).

cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260).

cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249).

cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245).

cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244).

cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).

The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285).

In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284).

In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283).

cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).

cPanel before 68.0.15 does not block a username of ssl (SEC-328).

cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).

cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).

cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).

In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).

In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).

cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124).

cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).

cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).

cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).

cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).

cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).

cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).

cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).

cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82).

The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77).

cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).

cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108).

cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432).

cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430).

cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427).

cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60).

cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29).

cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85).

cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).

cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439).

cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426).

cPanel before 74.0.8 allows FTP access during account suspension (SEC-449).

An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7.

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7.

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7.

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7.

A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events.

A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17.

cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476).

cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460).

cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415).

An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4.

The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials

cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219).

cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).

cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).

cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338).

cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).

Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider.

A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.

A stored cross-cite scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is disabled.

A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262).

cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).

cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).

cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).

cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).

cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282).

cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336).

A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016.

cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).

cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).

cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).

cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412).

cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).

cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370).

cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).

cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364).

cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).

cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86).

cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).

cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).

cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).

cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441).

cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).

cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).

cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).

cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).

Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging.

Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction.

IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim.

cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).

cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).

Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files.

edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.

Dependency-Track before 3.5.1 allows XSS.

invenio-communities before 1.0.0a20 allows XSS.

invenio-records before 1.2.2 allows XSS.

A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'.

cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395).

cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).

Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied.

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS.

cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239).

It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class.

A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers.

cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254).

In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234).

In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291).

In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289).

In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).

In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).

In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).

cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).

cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345).

cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).

cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).

cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).

cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).

cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).

cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).

cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).

cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).

cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).

cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).

The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73).

cPanel before 70.0.23 allows any user to disable Solr (SEC-371).

cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435).

cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).

cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443).

cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices.

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices.

An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices.

cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445).

cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409).

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server.

Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved.

Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time.

In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478).

Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474).

Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472).

cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466).

cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481).

API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495).

cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494).

cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489).

The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467).

cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366).

cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514).

cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510).

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).

In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).

IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file.

cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).

cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).