Filtered by vendor Cpanel
Subscribe
Total
426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10779 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179). | |||||
CVE-2016-10824 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 9.3 HIGH | 9.8 CRITICAL |
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90). | |||||
CVE-2019-14391 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). | |||||
CVE-2018-20886 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.6 MEDIUM | 5.3 MEDIUM |
cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). | |||||
CVE-2016-10786 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186). | |||||
CVE-2019-14406 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). | |||||
CVE-2016-10809 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114). | |||||
CVE-2018-20878 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441). | |||||
CVE-2016-10829 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). | |||||
CVE-2017-18461 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 4.3 MEDIUM |
cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223). | |||||
CVE-2017-18410 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284). | |||||
CVE-2018-20887 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). | |||||
CVE-2018-20910 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357). | |||||
CVE-2017-18471 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). | |||||
CVE-2018-20881 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446). | |||||
CVE-2019-14401 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). | |||||
CVE-2017-18434 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237). | |||||
CVE-2017-18456 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). | |||||
CVE-2018-20909 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.6 LOW | 7.1 HIGH |
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338). | |||||
CVE-2018-20905 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.5 MEDIUM | 5.4 MEDIUM |
cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429). |