Total
417 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20914 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.9 MEDIUM | 7.3 HIGH |
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). | |||||
CVE-2016-10854 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87). | |||||
CVE-2017-18401 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334). | |||||
CVE-2018-20866 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461). | |||||
CVE-2017-18449 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). | |||||
CVE-2016-10840 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). | |||||
CVE-2018-20876 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434). | |||||
CVE-2017-18471 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). | |||||
CVE-2019-14388 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). | |||||
CVE-2016-10855 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). | |||||
CVE-2018-20915 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369). | |||||
CVE-2019-14398 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). | |||||
CVE-2017-18465 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227). | |||||
CVE-2017-18412 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 1.9 LOW | 2.5 LOW |
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296). | |||||
CVE-2018-20895 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). | |||||
CVE-2017-18397 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.3 LOW |
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). | |||||
CVE-2016-10820 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). | |||||
CVE-2019-14409 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). | |||||
CVE-2017-18426 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). | |||||
CVE-2018-20926 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380). |