Filtered by vendor Cpanel
Subscribe
Total
426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20928 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391). | |||||
| CVE-2017-18470 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
| cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196). | |||||
| CVE-2016-10849 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82). | |||||
| CVE-2017-18440 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). | |||||
| CVE-2016-10799 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). | |||||
| CVE-2018-20869 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). | |||||
| CVE-2016-10852 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | |||||
| CVE-2018-20879 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444). | |||||
| CVE-2019-14397 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). | |||||
| CVE-2018-20945 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 7.9 HIGH | 5.7 MEDIUM |
| bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). | |||||
| CVE-2017-18459 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). | |||||
| CVE-2016-10844 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77). | |||||
| CVE-2018-20942 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 1.9 LOW | 2.5 LOW |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). | |||||
| CVE-2016-10804 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 8.7 HIGH | 8.1 HIGH |
| The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58). | |||||
| CVE-2018-20920 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). | |||||
| CVE-2019-14392 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). | |||||
| CVE-2018-20939 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | |||||
| CVE-2016-10783 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182). | |||||
| CVE-2016-10813 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118). | |||||
| CVE-2018-20911 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359). | |||||