Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Cpanel Subscribe
Total 425 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-10817 1 Cpanel 1 Cpanel 2019-08-05 10.0 HIGH 9.8 CRITICAL
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
CVE-2016-10819 1 Cpanel 1 Cpanel 2019-08-05 4.0 MEDIUM 6.5 MEDIUM
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).
CVE-2016-10816 1 Cpanel 1 Cpanel 2019-08-05 6.5 MEDIUM 8.8 HIGH
cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).
CVE-2016-10820 1 Cpanel 1 Cpanel 2019-08-05 9.0 HIGH 8.8 HIGH
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
CVE-2016-10815 1 Cpanel 1 Cpanel 2019-08-05 4.0 MEDIUM 6.5 MEDIUM
cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).
CVE-2016-10821 1 Cpanel 1 Cpanel 2019-08-05 4.0 MEDIUM 6.5 MEDIUM
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).
CVE-2017-18440 1 Cpanel 1 Cpanel 2019-08-05 4.0 MEDIUM 4.3 MEDIUM
cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244).
CVE-2016-10826 1 Cpanel 1 Cpanel 2019-08-05 6.5 MEDIUM 8.8 HIGH
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).
CVE-2017-18451 1 Cpanel 1 Cpanel 2019-08-05 5.0 MEDIUM 5.3 MEDIUM
cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257).
CVE-2017-18453 1 Cpanel 1 Cpanel 2019-08-05 4.0 MEDIUM 4.9 MEDIUM
cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260).
CVE-2017-18417 1 Cpanel 1 Cpanel 2019-08-05 3.5 LOW 5.4 MEDIUM
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).
CVE-2017-18418 1 Cpanel 1 Cpanel 2019-08-05 3.5 LOW 5.4 MEDIUM
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).
CVE-2017-18419 1 Cpanel 1 Cpanel 2019-08-05 3.5 LOW 5.4 MEDIUM
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).
CVE-2017-18420 1 Cpanel 1 Cpanel 2019-08-05 3.5 LOW 5.4 MEDIUM
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).
CVE-2018-20883 1 Cpanel 1 Cpanel 2019-08-02 4.0 MEDIUM 6.5 MEDIUM
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449).
CVE-2018-20901 1 Cpanel 1 Cpanel 2019-08-02 4.3 MEDIUM 6.1 MEDIUM
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).
CVE-2018-20902 1 Cpanel 1 Cpanel 2019-08-02 2.1 LOW 5.5 MEDIUM
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).
CVE-2018-20903 1 Cpanel 1 Cpanel 2019-08-02 4.3 MEDIUM 6.1 MEDIUM
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).
CVE-2018-20911 1 Cpanel 1 Cpanel 2019-08-02 6.5 MEDIUM 7.2 HIGH
cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359).
CVE-2018-20912 1 Cpanel 1 Cpanel 2019-08-02 6.5 MEDIUM 6.3 MEDIUM
cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362).