Total
417 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18390 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). | |||||
CVE-2016-10774 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172). | |||||
CVE-2017-18419 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266). | |||||
CVE-2016-10822 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88). | |||||
CVE-2017-18392 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 2.1 LOW | 2.0 LOW |
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). | |||||
CVE-2016-10847 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). | |||||
CVE-2019-14392 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). | |||||
CVE-2016-10850 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83). | |||||
CVE-2017-18383 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). | |||||
CVE-2018-20930 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). | |||||
CVE-2017-18460 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). | |||||
CVE-2016-10783 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182). | |||||
CVE-2017-18442 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). | |||||
CVE-2017-18403 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). | |||||
CVE-2017-18462 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224). | |||||
CVE-2019-14406 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). | |||||
CVE-2018-20917 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
cPanel before 70.0.23 allows any user to disable Solr (SEC-371). | |||||
CVE-2016-10843 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76). | |||||
CVE-2018-20862 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). | |||||
CVE-2017-18404 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.9 MEDIUM | 3.1 LOW |
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). |