Search
Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20899 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398). | |||||
| CVE-2017-18389 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). | |||||
| CVE-2017-18390 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). | |||||
| CVE-2018-20873 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 2.1 LOW | 3.3 LOW |
| cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). | |||||
| CVE-2016-10859 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). | |||||
| CVE-2017-18443 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.0 MEDIUM | 5.8 MEDIUM |
| cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). | |||||
| CVE-2016-10853 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86). | |||||
| CVE-2016-10852 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | |||||
| CVE-2017-18447 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251). | |||||
| CVE-2017-18448 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). | |||||
| CVE-2017-18449 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). | |||||
| CVE-2017-18450 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.4 MEDIUM | 4.5 MEDIUM |
| cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). | |||||
| CVE-2017-18461 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223). | |||||
| CVE-2017-18455 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 2.7 LOW |
| In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). | |||||
| CVE-2017-18430 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.6 MEDIUM | 4.7 MEDIUM |
| In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). | |||||
| CVE-2017-18445 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). | |||||
| CVE-2017-18444 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). | |||||
| CVE-2017-18460 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). | |||||
| CVE-2017-18459 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). | |||||
| CVE-2017-18442 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). | |||||
| CVE-2017-18441 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.0 MEDIUM | 5.0 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245). | |||||
| CVE-2018-20951 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). | |||||
| CVE-2018-20950 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). | |||||
| CVE-2018-20949 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). | |||||
| CVE-2018-20948 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). | |||||
| CVE-2018-20946 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | |||||
| CVE-2018-20944 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). | |||||
| CVE-2018-20940 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). | |||||
| CVE-2018-20939 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | |||||
| CVE-2016-10828 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97). | |||||
| CVE-2016-10824 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 9.3 HIGH | 9.8 CRITICAL |
| cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90). | |||||
| CVE-2018-20888 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). | |||||
| CVE-2016-10823 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89). | |||||
| CVE-2018-20933 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410). | |||||
| CVE-2018-20889 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.6 LOW | 4.4 MEDIUM |
| cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). | |||||
| CVE-2018-20894 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 2.1 LOW | 3.3 LOW |
| cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443). | |||||
| CVE-2018-20895 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 6.5 MEDIUM | 7.2 HIGH |
| In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). | |||||
| CVE-2018-20896 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.3 LOW | 3.9 LOW |
| cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). | |||||
| CVE-2015-9291 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). | |||||
| CVE-2016-10827 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96). | |||||
| CVE-2016-10822 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88). | |||||
| CVE-2018-20935 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412). | |||||
| CVE-2017-18473 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). | |||||
| CVE-2017-18471 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). | |||||
| CVE-2017-18472 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198). | |||||
| CVE-2017-18481 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). | |||||
| CVE-2016-10856 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). | |||||
| CVE-2017-18463 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). | |||||
| CVE-2017-18458 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 3.6 LOW | 3.3 LOW |
| cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). | |||||
| CVE-2017-18454 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). | |||||