Filtered by vendor Cpanel
Subscriptions
Filtered by product Cpanel
Subscriptions
Total
417 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-14393 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). | ||||
CVE-2019-14395 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). | ||||
CVE-2019-14391 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). | ||||
CVE-2019-14407 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). | ||||
CVE-2019-14404 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). | ||||
CVE-2019-14396 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). | ||||
CVE-2019-14394 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). | ||||
CVE-2019-14398 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). | ||||
CVE-2019-14400 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). | ||||
CVE-2019-14386 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). | ||||
CVE-2019-14411 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). | ||||
CVE-2019-14390 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). | ||||
CVE-2019-14387 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). | ||||
CVE-2020-29136 | 1 Cpanel | 1 Cpanel | 2024-08-04 | 6.5 Medium |
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). | ||||
CVE-2020-29137 | 1 Cpanel | 1 Cpanel | 2024-08-04 | 6.1 Medium |
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577). | ||||
CVE-2020-29135 | 1 Cpanel | 1 Cpanel | 2024-08-04 | 4.1 Medium |
cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). | ||||
CVE-2020-26100 | 1 Cpanel | 1 Cpanel | 2024-08-04 | 9.8 Critical |
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). | ||||
CVE-2020-26098 | 1 Cpanel | 1 Cpanel | 2024-08-04 | 9.8 Critical |
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). | ||||
CVE-2020-26113 | 1 Cpanel | 1 Cpanel | 2024-08-04 | 6.1 Medium |
cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569). | ||||
CVE-2020-26110 | 1 Cpanel | 1 Cpanel | 2024-08-04 | 6.1 Medium |
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). |