Vulnerabilities (CVE)

Filtered by vendor Cpanel
Filtered by product Cpanel
Total 416 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18387 1 Cpanel 1 Cpanel 2019-08-12 9.0 HIGH 7.2 HIGH
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).
CVE-2018-20934 1 Cpanel 1 Cpanel 2019-08-12 6.4 MEDIUM 6.5 MEDIUM
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).
CVE-2018-20943 1 Cpanel 1 Cpanel 2019-08-09 1.9 LOW 2.5 LOW
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).
CVE-2016-10858 1 Cpanel 1 Cpanel 2019-08-09 9.3 HIGH 9.8 CRITICAL
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
CVE-2017-18388 1 Cpanel 1 Cpanel 2019-08-09 7.2 HIGH 7.8 HIGH
cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).
CVE-2017-18391 1 Cpanel 1 Cpanel 2019-08-09 1.9 LOW 2.5 LOW
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
CVE-2017-18425 1 Cpanel 1 Cpanel 2019-08-09 1.9 LOW 2.5 LOW
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).
CVE-2017-18426 1 Cpanel 1 Cpanel 2019-08-09 4.0 MEDIUM 2.7 LOW
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).
CVE-2016-10771 1 Cpanel 1 Cpanel 2019-08-09 5.5 MEDIUM 8.1 HIGH
cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165).
CVE-2016-10772 1 Cpanel 1 Cpanel 2019-08-09 2.1 LOW 3.3 LOW
cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168).
CVE-2016-10857 1 Cpanel 1 Cpanel 2019-08-09 4.0 MEDIUM 6.5 MEDIUM
cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60).
CVE-2016-10773 1 Cpanel 1 Cpanel 2019-08-09 6.5 MEDIUM 8.8 HIGH
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).
CVE-2016-10786 1 Cpanel 1 Cpanel 2019-08-09 4.0 MEDIUM 6.5 MEDIUM
cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186).
CVE-2016-10787 1 Cpanel 1 Cpanel 2019-08-09 5.5 MEDIUM 8.1 HIGH
The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187).
CVE-2016-10767 1 Cpanel 1 Cpanel 2019-08-09 3.5 LOW 5.4 MEDIUM
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).
CVE-2016-10788 1 Cpanel 1 Cpanel 2019-08-09 9.0 HIGH 8.8 HIGH
cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188).
CVE-2016-10774 1 Cpanel 1 Cpanel 2019-08-09 3.5 LOW 5.4 MEDIUM
cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).
CVE-2016-10779 1 Cpanel 1 Cpanel 2019-08-09 3.5 LOW 5.4 MEDIUM
cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179).
CVE-2016-10789 1 Cpanel 1 Cpanel 2019-08-09 6.5 MEDIUM 8.8 HIGH
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191).
CVE-2016-10770 1 Cpanel 1 Cpanel 2019-08-09 5.5 MEDIUM 6.5 MEDIUM
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).