Filtered by vendor Cpanel
Total: 212 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-38590 | 1 Cpanel | 1 Cpanel | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM | In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584). |
| CVE-2020-29136 | 1 Cpanel | 1 Cpanel | 2022-04-26 | 4.0 MEDIUM | 6.5 MEDIUM | In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). |
| CVE-2021-38586 | 1 Cpanel | 1 Cpanel | 2021-08-20 | 2.1 LOW | 4.4 MEDIUM | In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589). |
| CVE-2019-20495 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM | cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531). |
| CVE-2019-14409 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM | cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). |
| CVE-2020-10122 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 6.4 MEDIUM | 6.5 MEDIUM | cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547). |
| CVE-2020-29135 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 3.5 LOW | 4.1 MEDIUM | cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). |
| CVE-2020-12784 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM | cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). |
| CVE-2019-14404 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM | cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). |
| CVE-2019-14394 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM | cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). |
| CVE-2020-10116 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM | cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541). |
| CVE-2021-31803 | 1 Cpanel | 1 Cpanel | 2021-05-06 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581). |
| CVE-2020-29137 | 1 Cpanel | 1 Cpanel | 2020-12-01 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577). |
| CVE-2020-26110 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). |
| CVE-2020-26113 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569). |
| CVE-2020-26111 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566). |
| CVE-2020-26115 | 1 Cpanel | 1 Cpanel | 2020-09-25 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574). |
| CVE-2020-26114 | 1 Cpanel | 1 Cpanel | 2020-09-25 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573). |
| CVE-2018-20907 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM | cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432). |
| CVE-2018-20908 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM | cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435). |
| CVE-2018-20906 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM | cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430). |
| CVE-2019-14408 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM | cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). |
| CVE-2018-20886 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.6 MEDIUM | 5.3 MEDIUM | cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). |
| CVE-2019-14413 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM | cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). |
| CVE-2019-14393 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.6 MEDIUM | 5.3 MEDIUM | cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). |
| CVE-2018-20904 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM | cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427). |
| CVE-2018-20892 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM | cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439). |
| CVE-2019-14411 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM | cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). |
| CVE-2019-14397 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM | cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). |
| CVE-2018-20926 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 7.2 HIGH | 6.7 MEDIUM | cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380). |
| CVE-2019-20491 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 5.5 MEDIUM | 5.4 MEDIUM | cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508). |
| CVE-2018-20905 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 5.5 MEDIUM | 5.4 MEDIUM | cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429). |
| CVE-2019-20496 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 4.9 MEDIUM | 5.5 MEDIUM | cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532). |
| CVE-2019-20497 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 3.5 LOW | 5.4 MEDIUM | cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533). |
| CVE-2020-10113 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515). |
| CVE-2020-10114 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535). |
| CVE-2019-20493 | 1 Cpanel | 1 Cpanel | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520). |
| CVE-2012-6449 | 1 Cpanel | 2 Cpanel, Whm | 2020-02-13 | 3.5 LOW | 5.4 MEDIUM | The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS vulnerability. |
| CVE-2012-6448 | 1 Cpanel | 1 Webhost Manager | 2020-01-29 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-5614 | 1 Cpanel | 1 Cpanel | 2019-10-31 | 5.8 MEDIUM | 6.1 MEDIUM | Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. |
| CVE-2019-17378 | 1 Cpanel | 1 Cpanel | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526). |
| CVE-2019-17377 | 1 Cpanel | 1 Cpanel | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524). |
| CVE-2019-17379 | 1 Cpanel | 1 Cpanel | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527). |
| CVE-2019-17376 | 1 Cpanel | 1 Cpanel | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521). |
| CVE-2019-17380 | 1 Cpanel | 1 Cpanel | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). |
| CVE-2017-18452 | 1 Cpanel | 1 Cpanel | 2019-08-14 | 4.6 MEDIUM | 6.7 MEDIUM | cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). |
| CVE-2017-18446 | 1 Cpanel | 1 Cpanel | 2019-08-14 | 6.5 MEDIUM | 6.3 MEDIUM | cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250). |
| CVE-2016-10794 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 6.5 MEDIUM | cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154). |
| CVE-2016-10791 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 5.0 MEDIUM | 5.3 MEDIUM | cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559). |
| CVE-2017-18402 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 3.5 LOW | 5.4 MEDIUM | cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336). |
