Filtered by vendor Cpanel
Subscribe
Total
426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10858 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 9.3 HIGH | 9.8 CRITICAL |
| cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64). | |||||
| CVE-2016-10833 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). | |||||
| CVE-2018-20917 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 70.0.23 allows any user to disable Solr (SEC-371). | |||||
| CVE-2018-20935 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412). | |||||
| CVE-2019-14411 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). | |||||
| CVE-2016-10792 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141). | |||||
| CVE-2019-14393 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.6 MEDIUM | 5.3 MEDIUM |
| cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). | |||||
| CVE-2017-18433 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). | |||||
| CVE-2018-20949 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). | |||||
| CVE-2017-18427 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). | |||||
| CVE-2018-20945 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 7.9 HIGH | 5.7 MEDIUM |
| bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). | |||||
| CVE-2016-10841 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 5.3 MEDIUM |
| The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73). | |||||
| CVE-2017-18459 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). | |||||
| CVE-2016-10828 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97). | |||||
| CVE-2017-18444 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). | |||||
| CVE-2018-20931 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). | |||||
| CVE-2019-14389 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
| cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). | |||||
| CVE-2017-18407 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.8 MEDIUM | 4.8 MEDIUM |
| cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279). | |||||
| CVE-2018-20882 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.6 MEDIUM | 6.8 MEDIUM |
| cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). | |||||
| CVE-2016-10771 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). | |||||