Filtered by vendor Cpanel
Subscribe
Total
426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18421 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). | |||||
| CVE-2016-10789 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191). | |||||
| CVE-2018-20867 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). | |||||
| CVE-2016-10844 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77). | |||||
| CVE-2017-18418 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265). | |||||
| CVE-2019-14408 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). | |||||
| CVE-2018-20865 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). | |||||
| CVE-2017-18420 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). | |||||
| CVE-2017-18450 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.4 MEDIUM | 4.5 MEDIUM |
| cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). | |||||
| CVE-2018-20870 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467). | |||||
| CVE-2018-20880 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445). | |||||
| CVE-2016-10826 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). | |||||
| CVE-2018-20875 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433). | |||||
| CVE-2017-18395 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not block a username of ssl (SEC-328). | |||||
| CVE-2016-10831 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101). | |||||
| CVE-2016-10841 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 2.1 LOW | 5.3 MEDIUM |
| The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73). | |||||
| CVE-2018-20923 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377). | |||||
| CVE-2017-18398 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.5 MEDIUM | 3.8 LOW |
| DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331). | |||||
| CVE-2017-18464 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.5 MEDIUM | 4.9 MEDIUM |
| cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226). | |||||
| CVE-2018-20931 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). | |||||