Filtered by vendor Cpanel
Subscribe
Search
Total
53 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20494 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525). | |||||
| CVE-2019-14395 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). | |||||
| CVE-2019-14407 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). | |||||
| CVE-2019-14396 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). | |||||
| CVE-2018-20880 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445). | |||||
| CVE-2019-14391 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). | |||||
| CVE-2018-20936 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | |||||
| CVE-2019-14414 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). | |||||
| CVE-2019-14402 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). | |||||
| CVE-2017-18429 | 1 Cpanel | 1 Cpanel | 2019-09-24 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). | |||||
| CVE-2017-18399 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.3 MEDIUM | 3.7 LOW |
| cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332). | |||||
| CVE-2017-18398 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 5.5 MEDIUM | 3.8 LOW |
| DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331). | |||||
| CVE-2017-18397 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). | |||||
| CVE-2017-18401 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334). | |||||
| CVE-2017-18404 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.9 MEDIUM | 3.1 LOW |
| cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | |||||
| CVE-2017-18395 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not block a username of ssl (SEC-328). | |||||
| CVE-2017-18394 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). | |||||
| CVE-2017-18393 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). | |||||
| CVE-2017-18392 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 2.0 LOW |
| cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). | |||||
| CVE-2016-10796 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 3.3 LOW |
| cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). | |||||
| CVE-2018-20932 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). | |||||
| CVE-2018-20927 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 2.1 LOW | 3.8 LOW |
| cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | |||||
| CVE-2017-18466 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). | |||||
| CVE-2017-18427 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). | |||||
| CVE-2017-18428 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 1.9 LOW | 2.5 LOW |
| In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). | |||||
| CVE-2017-18412 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 1.9 LOW | 2.5 LOW |
| cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296). | |||||
| CVE-2018-20943 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 1.9 LOW | 2.5 LOW |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | |||||
| CVE-2017-18391 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 1.9 LOW | 2.5 LOW |
| cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). | |||||
| CVE-2017-18425 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 1.9 LOW | 2.5 LOW |
| In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). | |||||
| CVE-2017-18426 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). | |||||
| CVE-2016-10772 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 2.1 LOW | 3.3 LOW |
| cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). | |||||
| CVE-2018-20942 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 1.9 LOW | 2.5 LOW |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). | |||||
| CVE-2018-20938 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). | |||||
| CVE-2017-18436 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 2.7 LOW | 3.5 LOW |
| cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). | |||||
| CVE-2018-20897 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.3 LOW | 2.8 LOW |
| cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). | |||||
| CVE-2018-20873 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 2.1 LOW | 3.3 LOW |
| cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). | |||||
| CVE-2017-18455 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 2.7 LOW |
| In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). | |||||
| CVE-2018-20946 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | |||||
| CVE-2018-20944 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). | |||||
| CVE-2018-20940 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). | |||||
| CVE-2018-20939 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | |||||
| CVE-2018-20894 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 2.1 LOW | 3.3 LOW |
| cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443). | |||||
| CVE-2018-20896 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.3 LOW | 3.9 LOW |
| cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). | |||||
| CVE-2017-18458 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 3.6 LOW | 3.3 LOW |
| cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). | |||||
| CVE-2018-20893 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 2.1 LOW | 2.3 LOW |
| cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442). | |||||
| CVE-2017-18382 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | |||||
| CVE-2017-18384 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 2.1 LOW | 3.8 LOW |
| cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). | |||||
| CVE-2017-18422 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272). | |||||
| CVE-2017-18424 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274). | |||||
| CVE-2017-18423 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). | |||||