Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by . and then the attacker’s domain name.
CWE-20
CVE-2018-20860
libopenmpt before 0.3.13 allows a crash with malformed MED files.
CVE-2018-20861
libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files.
CVE-2018-20863
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452).
CVE-2018-20864
cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454).
CVE-2018-20800
An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table.