Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20928 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391). | |||||
| CVE-2016-10837 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 8.5 HIGH | 7.5 HIGH |
| cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46). | |||||
| CVE-2018-20924 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 7.5 HIGH | 5.5 MEDIUM |
| cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). | |||||
| CVE-2018-20890 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). | |||||
| CVE-2016-10844 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77). | |||||
| CVE-2018-20882 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 6.6 MEDIUM | 6.8 MEDIUM |
| cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). | |||||
| CVE-2016-10848 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 9.0 HIGH | 7.2 HIGH |
| cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). | |||||
| CVE-2016-10847 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). | |||||
| CVE-2016-10841 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 2.1 LOW | 5.3 MEDIUM |
| The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73). | |||||
| CVE-2018-20897 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.3 LOW | 2.8 LOW |
| cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). | |||||
| CVE-2018-20899 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398). | |||||
| CVE-2017-18389 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). | |||||
| CVE-2017-18390 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). | |||||
| CVE-2018-20873 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 2.1 LOW | 3.3 LOW |
| cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). | |||||
| CVE-2016-10859 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). | |||||
| CVE-2017-18443 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.0 MEDIUM | 5.8 MEDIUM |
| cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). | |||||
| CVE-2016-10853 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86). | |||||
| CVE-2016-10852 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | |||||
| CVE-2017-18447 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251). | |||||
| CVE-2017-18448 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). | |||||