Filtered by vendor Cpanel
Subscribe
Total
426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18425 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 1.9 LOW | 2.5 LOW |
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). | |||||
CVE-2017-18390 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). | |||||
CVE-2018-20938 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). | |||||
CVE-2018-20943 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 1.9 LOW | 2.5 LOW |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | |||||
CVE-2017-18465 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227). | |||||
CVE-2018-20912 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 6.3 MEDIUM |
cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). | |||||
CVE-2016-10843 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76). | |||||
CVE-2016-10791 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559). | |||||
CVE-2018-20953 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). | |||||
CVE-2017-18429 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). | |||||
CVE-2016-10803 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). | |||||
CVE-2018-20901 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400). | |||||
CVE-2018-20903 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421). | |||||
CVE-2016-10772 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). | |||||
CVE-2017-18423 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). | |||||
CVE-2019-14402 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). | |||||
CVE-2018-20885 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). | |||||
CVE-2016-10799 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). | |||||
CVE-2018-20908 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435). | |||||
CVE-2019-14414 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). |