Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18397 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). | |||||
| CVE-2016-10814 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). | |||||
| CVE-2017-18401 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334). | |||||
| CVE-2016-10794 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154). | |||||
| CVE-2016-10792 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141). | |||||
| CVE-2016-10791 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559). | |||||
| CVE-2017-18431 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). | |||||
| CVE-2017-18402 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336). | |||||
| CVE-2017-18404 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.9 MEDIUM | 3.1 LOW |
| cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | |||||
| CVE-2017-18403 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). | |||||
| CVE-2017-18396 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.9 MEDIUM | 5.5 MEDIUM |
| cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329). | |||||
| CVE-2017-18395 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not block a username of ssl (SEC-328). | |||||
| CVE-2017-18394 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). | |||||
| CVE-2017-18393 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). | |||||
| CVE-2017-18392 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 2.0 LOW |
| cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). | |||||
| CVE-2018-20945 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 7.9 HIGH | 5.7 MEDIUM |
| bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). | |||||
| CVE-2016-10796 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 3.3 LOW |
| cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). | |||||
| CVE-2016-10798 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.9 MEDIUM | 6.8 MEDIUM |
| cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134). | |||||
| CVE-2016-10797 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133). | |||||
| CVE-2016-10799 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). | |||||