| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483. |
| An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response. |
| Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode. |
| An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer. |
| Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. |
| NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication bypass. |
| Certain NETGEAR devices are affected by authentication bypass. This affects GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6. |
| NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass. |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2018). |
| An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018). |
| The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. |
| The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. |
| The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys. |
| bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). |
| cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). |
| cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). |
| cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). |
| cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). |
| cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). |
| cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). |
