Total
416 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38587 | 1 Cpanel | 1 Cpanel | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586). | |||||
CVE-2021-38590 | 1 Cpanel | 1 Cpanel | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM |
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584). | |||||
CVE-2020-29136 | 1 Cpanel | 1 Cpanel | 2022-04-26 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). | |||||
CVE-2021-38585 | 1 Cpanel | 1 Cpanel | 2021-08-20 | 6.5 MEDIUM | 7.2 HIGH |
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585). | |||||
CVE-2021-38584 | 1 Cpanel | 1 Cpanel | 2021-08-20 | 6.5 MEDIUM | 7.2 HIGH |
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585). | |||||
CVE-2021-38589 | 1 Cpanel | 1 Cpanel | 2021-08-20 | 5.5 MEDIUM | 8.1 HIGH |
In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588). | |||||
CVE-2021-38588 | 1 Cpanel | 1 Cpanel | 2021-08-20 | 6.8 MEDIUM | 8.1 HIGH |
In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587). | |||||
CVE-2021-38586 | 1 Cpanel | 1 Cpanel | 2021-08-20 | 2.1 LOW | 4.4 MEDIUM |
In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589). | |||||
CVE-2020-26105 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). | |||||
CVE-2019-14395 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 2.1 LOW | 3.3 LOW |
cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). | |||||
CVE-2020-12785 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540). | |||||
CVE-2020-12784 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). | |||||
CVE-2020-26101 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). | |||||
CVE-2020-26102 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). | |||||
CVE-2020-26106 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). | |||||
CVE-2020-10117 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542). | |||||
CVE-2020-10115 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 9.0 HIGH | 7.2 HIGH |
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537). | |||||
CVE-2020-10116 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541). | |||||
CVE-2020-10120 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 9.0 HIGH | 7.2 HIGH |
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545). | |||||
CVE-2019-14409 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). |