CVE-2020-1720
A flaw was found in PostgreSQL’s "ALTER … DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as...
Monthly Archive: March 2020
CVE-2020-10659
Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with a web site that has an invalid...
CVE-2020-10596
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users’ image upload section. Date published : 2020-03-17 http://packetstormsecurity.com/files/157908/OpenCart-3.0.3.2-Cross-Site-Scripting.html https://github.com/opencart/opencart/issues/7810
CVE-2020-10380
RMySQL through 0.10.19 allows SQL Injection. Date published : 2020-03-17 https://github.com/r-dbi/RMySQL/blob/master/NEWS.md
CVE-2020-10122
cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547). Date published : 2020-03-17 https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10121
cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546). Date published : 2020-03-17 https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10120
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545). Date published : 2020-03-17 https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10119
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). Date published : 2020-03-17 https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10118
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543). Date published : 2020-03-17 https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10117
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542). Date published : 2020-03-17 https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10116
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541). Date published : 2020-03-17 https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10115
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537). Date published : 2020-03-17 https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10114
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535). Date published : 2020-03-17 https://documentation.cpanel.net/display/CL/84+Change+Log
CVE-2020-10113
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515). Date published : 2020-03-17 https://documentation.cpanel.net/display/CL/84+Change+Log