Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10839 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71). | |||||
| CVE-2016-10838 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 6.8 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). | |||||
| CVE-2016-10836 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). | |||||
| CVE-2017-18405 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345). | |||||
| CVE-2016-10793 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152). | |||||
| CVE-2017-18432 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 2.1 LOW | 7.8 HIGH |
| In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234). | |||||
| CVE-2016-10795 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156). | |||||
| CVE-2016-10800 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.8 MEDIUM | 7.8 HIGH |
| cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138). | |||||
| CVE-2016-10801 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 58.0.4 has improper session handling for shared users (SEC-139). | |||||
| CVE-2016-10803 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). | |||||
| CVE-2018-20932 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). | |||||
| CVE-2018-20931 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). | |||||
| CVE-2016-10790 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192). | |||||
| CVE-2016-10808 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 9.0 HIGH | 8.8 HIGH |
| In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113). | |||||
| CVE-2016-10812 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 9.0 HIGH | 8.8 HIGH |
| In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117). | |||||
| CVE-2018-20930 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). | |||||
| CVE-2018-20927 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 2.1 LOW | 3.8 LOW |
| cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | |||||
| CVE-2018-20898 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). | |||||
| CVE-2018-20925 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379). | |||||
| CVE-2016-10842 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74). | |||||