Filtered by vendor Cpanel
Total: 426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2016-10846 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 8.5 HIGH | 8.1 HIGH | cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). |
CVE-2016-10835 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM | cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). |
CVE-2018-20895 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH | In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). |
CVE-2016-10819 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM | In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). |
CVE-2017-18477 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM | In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). |
CVE-2017-18436 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.7 LOW | 3.5 LOW | cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). |
CVE-2018-20944 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW | cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). |
CVE-2016-10789 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH | cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191). |
CVE-2019-14404 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM | cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). |
CVE-2018-20865 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). |
CVE-2017-18440 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM | cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). |
CVE-2016-10827 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96). |
CVE-2019-14403 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM | cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). |
CVE-2018-20921 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375). |
CVE-2016-10800 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH | cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138). |
CVE-2017-18470 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH | cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196). |
CVE-2016-10822 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88). |
CVE-2016-10775 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM | cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173). |
CVE-2016-10852 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM | cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). |
CVE-2017-18397 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW | cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). |