CVE-2019-14245
Published 2019-08-21
Priority: P3 · 36 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 1.86% (76.6th percentile)
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| centos-webpanel | centos_web_panel | — | — |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-10ubuntu0.16.04.3 | 1.0.25-10ubuntu0.16.04.3 |
| libsndfile_project | libsndfile | >= 0 < 1.0.25-7ubuntu2.2+esm1 | 1.0.25-7ubuntu2.2+esm1 |
CVSS provenance
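| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |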
GHSA
GHSA-4vp3-jqp3-fqxc: In CentOS-WebPanel
ghsa_unreviewed·2022-05-24
CVE-2019-14245 [MEDIUM] CWE-639 GHSA-4vp3-jqp3-fqxc: In CentOS-WebPanel
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.
OSV
libsndfile vulnerabilities
osv·2021-01-26·CVSS 9.8
CVE-2017-12562 libsndfile vulnerabilities
It was discovered that libsndfile incorrectly handled certain malformed
files. A remote attacker could use this issue to cause libsndfile to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2017-12562)
It was discovered that libsndfile incorrectly handled certain malformed
files. A remote attacker could use this issue to cause libsndfile to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.04 ESM. (CVE-2017-14245,
CVE-2017-14246, CVE-2017-14634, CVE-2017-16942, CVE-2017-6892,
CVE-2018-13139, CVE-2018-19432, CVE-2018-19661, CVE-2018-19662,
CVE-2018-19758, CVE-2019-3832)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/154155/CentOS-Control-Web-Panel-CWP-0.9.8.851-Arbitrary-Database-Drop.html
http://packetstormsecurity.com/files/154155/CentOS-WebPanel.com-CentOS-Control-Web-Panel-CWP-0.9.8.851-Arbitrary-Database-Drop.html
http://packetstormsecurity.com/files/154155/CentOS-WebPanel.com-Control-Web-Panel-CWP-0.9.8.851-Arbitrary-Database-Drop.html
https://centos-webpanel.com/changelog-cwp7