Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10816 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121). | |||||
| CVE-2016-10817 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 10.0 HIGH | 9.8 CRITICAL |
| cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123). | |||||
| CVE-2016-10818 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). | |||||
| CVE-2016-10819 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). | |||||
| CVE-2016-10821 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). | |||||
| CVE-2016-10826 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). | |||||
| CVE-2017-18440 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). | |||||
| CVE-2017-18453 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 4.0 MEDIUM | 4.9 MEDIUM |
| cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). | |||||
| CVE-2017-18451 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257). | |||||
| CVE-2017-18417 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263). | |||||
| CVE-2017-18418 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265). | |||||
| CVE-2017-18419 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266). | |||||
| CVE-2017-18420 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). | |||||
| CVE-2018-20883 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). | |||||
| CVE-2018-20901 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400). | |||||
| CVE-2018-20902 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408). | |||||
| CVE-2018-20903 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421). | |||||
| CVE-2018-20911 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 6.5 MEDIUM | 7.2 HIGH |
| cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359). | |||||
| CVE-2018-20912 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). | |||||
| CVE-2018-20913 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 3.5 LOW | 4.9 MEDIUM |
| cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364). | |||||