Security Vulnerabilities - CVEs Published In August 2019
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-08-01
cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409).
CVSS Score
3.3
EPSS Score
0.0
Published
2019-08-01
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-01
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).
CVSS Score
5.4
EPSS Score
0.002
Published
2019-08-01
cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).
CVSS Score
5.4
EPSS Score
0.002
Published
2019-08-01
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).
CVSS Score
5.4
EPSS Score
0.002
Published
2019-08-01
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441).
CVSS Score
5.4
EPSS Score
0.002
Published
2019-08-01
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444).
CVSS Score
6.3
EPSS Score
0.005
Published
2019-08-01
cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445).
CVSS Score
3.3
EPSS Score
0.001
Published
2019-08-01
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).
CVSS Score
5.4
EPSS Score
0.002
Published
2019-08-01