Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Total 315234 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-26116 7 Canonical, Debian, Fedoraproject and 4 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2024-11-21 6.4 MEDIUM 7.2 HIGH
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
CVE-2020-26115 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).
CVE-2020-26114 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).
CVE-2020-26113 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569).
CVE-2020-26112 1 Cpanel 1 Cpanel 2024-11-21 5.0 MEDIUM 7.5 HIGH
The email quota cache in cPanel before 90.0.10 allows overwriting of files.
CVE-2020-26111 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).
CVE-2020-26110 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564).
CVE-2020-26109 1 Cpanel 1 Cpanel 2024-11-21 5.0 MEDIUM 7.5 HIGH
cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557).
CVE-2020-26108 1 Cpanel 1 Cpanel 2024-11-21 7.5 HIGH 9.8 CRITICAL
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).
CVE-2020-26107 1 Cpanel 1 Cpanel 2024-11-21 5.0 MEDIUM 7.5 HIGH
cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561).
CVE-2020-26106 1 Cpanel 1 Cpanel 2024-11-21 5.0 MEDIUM 7.5 HIGH
cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558).
CVE-2020-26105 1 Cpanel 1 Cpanel 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).
CVE-2020-26104 1 Cpanel 1 Cpanel 2024-11-21 5.0 MEDIUM 7.5 HIGH
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).
CVE-2020-26103 1 Cpanel 1 Cpanel 2024-11-21 5.0 MEDIUM 7.5 HIGH
In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).
CVE-2020-26102 1 Cpanel 1 Cpanel 2024-11-21 5.0 MEDIUM 7.5 HIGH
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).
CVE-2020-26101 1 Cpanel 1 Cpanel 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).
CVE-2020-26100 1 Cpanel 1 Cpanel 2024-11-21 7.5 HIGH 9.8 CRITICAL
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).
CVE-2020-26099 1 Cpanel 1 Cpanel 2024-11-21 5.0 MEDIUM 7.5 HIGH
cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491).
CVE-2020-26098 1 Cpanel 1 Cpanel 2024-11-21 7.5 HIGH 9.8 CRITICAL
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).
CVE-2020-26097 1 Planet 4 Nvr-1615, Nvr-1615 Firmware, Nvr-915 and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.