Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Cpanel Subscribe
Filtered by product Cpanel
Total 416 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-20874 1 Cpanel 1 Cpanel 2019-08-06 3.5 LOW 5.4 MEDIUM
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).
CVE-2018-20891 1 Cpanel 1 Cpanel 2019-08-06 4.9 MEDIUM 5.5 MEDIUM
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).
CVE-2018-20893 1 Cpanel 1 Cpanel 2019-08-06 2.1 LOW 2.3 LOW
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).
CVE-2016-10813 1 Cpanel 1 Cpanel 2019-08-06 3.5 LOW 5.4 MEDIUM
cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).
CVE-2017-18382 1 Cpanel 1 Cpanel 2019-08-06 4.0 MEDIUM 2.7 LOW
cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).
CVE-2017-18383 1 Cpanel 1 Cpanel 2019-08-06 4.6 MEDIUM 7.8 HIGH
cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).
CVE-2017-18384 1 Cpanel 1 Cpanel 2019-08-06 2.1 LOW 3.8 LOW
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).
CVE-2017-18385 1 Cpanel 1 Cpanel 2019-08-06 2.1 LOW 5.5 MEDIUM
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).
CVE-2017-18386 1 Cpanel 1 Cpanel 2019-08-06 9.0 HIGH 7.2 HIGH
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
CVE-2017-18422 1 Cpanel 1 Cpanel 2019-08-05 2.1 LOW 3.3 LOW
In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).
CVE-2017-18424 1 Cpanel 1 Cpanel 2019-08-05 2.1 LOW 3.3 LOW
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).
CVE-2017-18423 1 Cpanel 1 Cpanel 2019-08-05 2.1 LOW 3.3 LOW
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).
CVE-2017-18421 1 Cpanel 1 Cpanel 2019-08-05 2.1 LOW 3.3 LOW
cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).
CVE-2016-10850 1 Cpanel 1 Cpanel 2019-08-05 9.0 HIGH 8.8 HIGH
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).
CVE-2018-20900 1 Cpanel 1 Cpanel 2019-08-05 4.3 MEDIUM 6.1 MEDIUM
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).
CVE-2016-10854 1 Cpanel 1 Cpanel 2019-08-05 3.5 LOW 5.4 MEDIUM
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).
CVE-2016-10851 1 Cpanel 1 Cpanel 2019-08-05 3.5 LOW 5.4 MEDIUM
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).
CVE-2016-10855 1 Cpanel 1 Cpanel 2019-08-05 10.0 HIGH 9.8 CRITICAL
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
CVE-2016-10820 1 Cpanel 1 Cpanel 2019-08-05 9.0 HIGH 8.8 HIGH
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
CVE-2016-10815 1 Cpanel 1 Cpanel 2019-08-05 4.0 MEDIUM 6.5 MEDIUM
cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).