Filtered by vendor Cpanel
Subscribe
Total
426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10814 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). | |||||
CVE-2018-20862 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). | |||||
CVE-2016-10797 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133). | |||||
CVE-2016-10853 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86). | |||||
CVE-2019-14386 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). | |||||
CVE-2017-18478 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). | |||||
CVE-2017-18437 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.6 LOW | 4.4 MEDIUM |
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). | |||||
CVE-2016-10796 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). | |||||
CVE-2018-20951 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). | |||||
CVE-2016-10836 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). | |||||
CVE-2017-18400 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333). | |||||
CVE-2017-18430 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.6 MEDIUM | 4.7 MEDIUM |
In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). | |||||
CVE-2017-18403 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 6.3 MEDIUM |
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). | |||||
CVE-2017-18391 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 1.9 LOW | 2.5 LOW |
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). | |||||
CVE-2017-18394 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). | |||||
CVE-2018-20941 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.7 MEDIUM | 5.6 MEDIUM |
cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). | |||||
CVE-2016-10849 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82). | |||||
CVE-2019-14408 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). | |||||
CVE-2016-10837 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 8.5 HIGH | 7.5 HIGH |
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46). | |||||
CVE-2017-18469 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 6.3 MEDIUM |
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). |