Total: 417 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20865 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). | |||||
CVE-2017-18423 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.3 LOW |
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). | |||||
CVE-2016-10821 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). | |||||
CVE-2019-14403 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). | |||||
CVE-2017-18466 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). | |||||
CVE-2017-18390 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). | |||||
CVE-2019-14406 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). | |||||
CVE-2019-14402 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.3 LOW |
cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). | |||||
CVE-2016-10818 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). | |||||
CVE-2017-18436 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.7 LOW | 3.5 LOW |
cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). | |||||
CVE-2018-20892 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439). | |||||
CVE-2017-18391 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 1.9 LOW | 2.5 LOW |
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). | |||||
CVE-2017-18400 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333). | |||||
CVE-2016-10848 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). | |||||
CVE-2017-18428 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 1.9 LOW | 2.5 LOW |
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). | |||||
CVE-2018-20885 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). | |||||
CVE-2018-20905 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429). | |||||
CVE-2017-18420 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). | |||||
CVE-2017-18404 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.9 MEDIUM | 3.1 LOW |
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | |||||
CVE-2018-20943 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 1.9 LOW | 2.5 LOW |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | |||||