Filtered by vendor Cpanel
Subscribe
Total
426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20946 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | |||||
| CVE-2017-18466 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). | |||||
| CVE-2016-10848 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
| cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). | |||||
| CVE-2018-20939 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | |||||
| CVE-2016-10820 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). | |||||
| CVE-2017-18453 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). | |||||
| CVE-2018-20948 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). | |||||
| CVE-2017-18450 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.4 MEDIUM | 4.5 MEDIUM |
| cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). | |||||
| CVE-2016-10816 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121). | |||||
| CVE-2017-18442 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). | |||||
| CVE-2019-14409 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). | |||||
| CVE-2016-10845 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78). | |||||
| CVE-2018-20900 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399). | |||||
| CVE-2019-14397 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). | |||||
| CVE-2016-10794 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154). | |||||
| CVE-2019-14412 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474). | |||||
| CVE-2017-18431 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). | |||||
| CVE-2018-16236 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. | |||||
| CVE-2017-11441 | 1 Cpanel | 1 Whm | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297. | |||||
| CVE-2017-5613 | 1 Cpanel | 2 Cgiecho, Cgiemail | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file. | |||||