Total
417 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20878 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441). | |||||
CVE-2019-14400 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). | |||||
CVE-2016-10860 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66). | |||||
CVE-2017-18478 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). | |||||
CVE-2018-20953 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). | |||||
CVE-2017-18473 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). | |||||
CVE-2018-20899 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398). | |||||
CVE-2016-10824 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 9.3 HIGH | 9.8 CRITICAL |
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90). | |||||
CVE-2017-18425 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 1.9 LOW | 2.5 LOW |
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). | |||||
CVE-2017-18460 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). | |||||
CVE-2019-14404 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). | |||||
CVE-2019-14399 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.1 MEDIUM | 7.1 HIGH |
The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). | |||||
CVE-2017-18388 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). | |||||
CVE-2016-10777 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177). | |||||
CVE-2017-18443 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.0 MEDIUM | 5.8 MEDIUM |
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). | |||||
CVE-2016-10791 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559). | |||||
CVE-2017-18454 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). | |||||
CVE-2018-20886 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.6 MEDIUM | 5.3 MEDIUM |
cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). | |||||
CVE-2019-14395 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.3 LOW |
cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). | |||||
CVE-2016-10853 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86). |