Total
417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20881 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446). | |||||
| CVE-2018-20880 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445). | |||||
| CVE-2018-20879 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444). | |||||
| CVE-2018-20878 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441). | |||||
| CVE-2018-20877 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437). | |||||
| CVE-2018-20876 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434). | |||||
| CVE-2018-20875 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433). | |||||
| CVE-2018-20874 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428). | |||||
| CVE-2018-20873 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). | |||||
| CVE-2018-20870 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467). | |||||
| CVE-2018-20869 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). | |||||
| CVE-2018-20868 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464). | |||||
| CVE-2018-20867 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). | |||||
| CVE-2018-20866 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461). | |||||
| CVE-2018-20865 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). | |||||
| CVE-2018-20864 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454). | |||||
| CVE-2018-20863 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). | |||||
| CVE-2018-20862 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). | |||||
| CVE-2018-16236 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. | |||||
| CVE-2017-5614 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. | |||||