Filtered by vendor Cpanel
Subscribe
Total
426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18392 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 2.0 LOW |
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). | |||||
CVE-2016-10795 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156). | |||||
CVE-2017-18383 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). | |||||
CVE-2017-18460 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). | |||||
CVE-2018-20869 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). | |||||
CVE-2016-10770 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.5 MEDIUM | 6.5 MEDIUM |
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). | |||||
CVE-2017-18393 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). | |||||
CVE-2019-14398 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). | |||||
CVE-2016-10811 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116). | |||||
CVE-2019-14394 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). | |||||
CVE-2018-20942 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 1.9 LOW | 2.5 LOW |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). | |||||
CVE-2019-14396 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). | |||||
CVE-2016-10839 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71). | |||||
CVE-2017-18402 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336). | |||||
CVE-2017-18416 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.6 LOW | 5.5 MEDIUM |
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). | |||||
CVE-2019-14413 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). | |||||
CVE-2016-10780 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180). | |||||
CVE-2018-20898 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). | |||||
CVE-2018-20914 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.9 MEDIUM | 7.3 HIGH |
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). | |||||
CVE-2018-20874 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428). |