cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439).
NVD-CWE-noinfo
CVE-2018-20851
Helpy before 2.2.0 allows agents to edit admins.
CVE-2018-20853
An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks.
CVE-2018-20862
cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366).
CVE-2018-20799
In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access restrictions.
CVE-2018-20764
A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation.