Total
417 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20882 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.6 MEDIUM | 6.8 MEDIUM |
cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). | |||||
CVE-2017-18432 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234). | |||||
CVE-2018-20936 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.3 LOW |
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | |||||
CVE-2016-10767 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159). | |||||
CVE-2017-18402 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336). | |||||
CVE-2016-10780 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180). | |||||
CVE-2016-10810 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115). | |||||
CVE-2018-20906 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430). | |||||
CVE-2017-18479 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209). | |||||
CVE-2018-20900 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399). | |||||
CVE-2016-10793 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152). | |||||
CVE-2018-20889 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.6 LOW | 4.4 MEDIUM |
cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). | |||||
CVE-2017-18453 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). | |||||
CVE-2016-10836 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). | |||||
CVE-2018-20951 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). | |||||
CVE-2019-14408 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). | |||||
CVE-2017-18395 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
cPanel before 68.0.15 does not block a username of ssl (SEC-328). | |||||
CVE-2017-18392 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 2.0 LOW |
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). | |||||
CVE-2017-18431 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). | |||||
CVE-2018-20884 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367). |