Security Vulnerabilities - CVEs Published In August 2019
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2019-08-02
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
CVSS Score: 7.2; EPSS Score: 0.02; Published: 2019-08-02
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).
CVSS Score: 7.2; EPSS Score: 0.02; Published: 2019-08-02
cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2019-08-02
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
CVSS Score: 6.3; EPSS Score: 0.004; Published: 2019-08-02
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2019-08-02
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
CVSS Score: 2.5; EPSS Score: 0.001; Published: 2019-08-02
An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c.
CVSS Score: 7.8; EPSS Score: 0.004; Published: 2019-08-02
An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.
CVSS Score: 7.8; EPSS Score: 0.005; Published: 2019-08-02
pandao Editor.md 1.5.0 allows XSS via the Javascript: string.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2019-08-01

