Total
417 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20902 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408). | |||||
CVE-2017-18382 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | |||||
CVE-2018-20937 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | |||||
CVE-2019-14391 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.3 LOW |
cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). | |||||
CVE-2017-18408 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282). | |||||
CVE-2016-10802 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142). | |||||
CVE-2018-20875 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433). | |||||
CVE-2018-20921 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375). | |||||
CVE-2016-10850 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83). | |||||
CVE-2017-18461 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.0 MEDIUM | 4.3 MEDIUM |
cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223). | |||||
CVE-2017-18482 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213). | |||||
CVE-2017-18480 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210). | |||||
CVE-2018-20890 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). | |||||
CVE-2016-10830 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100). | |||||
CVE-2016-10773 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171). | |||||
CVE-2016-10803 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). | |||||
CVE-2017-18467 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). | |||||
CVE-2016-10797 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133). | |||||
CVE-2018-20946 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.3 LOW |
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | |||||
CVE-2016-10858 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 9.3 HIGH | 9.8 CRITICAL |
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64). |