Vulnerabilities (CVE)

Filtered by vendor Cpanel Subscribe
Filtered by product Cpanel
Total 417 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-10115 1 Cpanel 1 Cpanel 2024-11-21 9.0 HIGH 7.2 HIGH
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537).
CVE-2020-10114 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
CVE-2020-10113 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
CVE-2019-20498 1 Cpanel 1 Cpanel 2024-11-21 7.5 HIGH 9.8 CRITICAL
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534).
CVE-2019-20497 1 Cpanel 1 Cpanel 2024-11-21 3.5 LOW 5.4 MEDIUM
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533).
CVE-2019-20496 1 Cpanel 1 Cpanel 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532).
CVE-2019-20495 1 Cpanel 1 Cpanel 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531).
CVE-2019-20494 1 Cpanel 1 Cpanel 2024-11-21 2.1 LOW 3.3 LOW
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).
CVE-2019-20493 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520).
CVE-2019-20492 1 Cpanel 1 Cpanel 2024-11-21 6.5 MEDIUM 8.8 HIGH
cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516).
CVE-2019-20491 1 Cpanel 1 Cpanel 2024-11-21 5.5 MEDIUM 5.4 MEDIUM
cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508).
CVE-2019-20490 1 Cpanel 1 Cpanel 2024-11-21 6.5 MEDIUM 8.8 HIGH
cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499).
CVE-2019-17380 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
CVE-2019-17379 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).
CVE-2019-17378 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).
CVE-2019-17377 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).
CVE-2019-17376 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).
CVE-2019-17375 1 Cpanel 1 Cpanel 2024-11-21 6.5 MEDIUM 8.8 HIGH
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).
CVE-2019-14414 1 Cpanel 1 Cpanel 2024-11-21 2.1 LOW 3.3 LOW
In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478).
CVE-2019-14413 1 Cpanel 1 Cpanel 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476).