Total
418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14395 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494).
|
|||||
| CVE-2019-14394 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489).
|
|||||
| CVE-2019-14393 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
|
cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486).
|
|||||
| CVE-2019-14392 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501).
|
|||||
| CVE-2019-14391 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514).
|
|||||
| CVE-2019-14390 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).
|
|||||
| CVE-2019-14389 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510).
|
|||||
| CVE-2019-14388 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507).
|
|||||
| CVE-2019-14387 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).
|
|||||
| CVE-2019-14386 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).
|
|||||
| CVE-2018-20953 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).
|
|||||
| CVE-2018-20952 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).
|
|||||
| CVE-2018-20951 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).
|
|||||
| CVE-2018-20950 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).
|
|||||
| CVE-2018-20949 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).
|
|||||
| CVE-2018-20948 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383).
|
|||||
| CVE-2018-20947 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).
|
|||||
| CVE-2018-20946 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).
|
|||||
| CVE-2018-20945 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.9 HIGH | 5.7 MEDIUM |
|
bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354).
|
|||||
| CVE-2018-20944 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).
|
|||||
| CVE-2018-20943 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 1.9 LOW | 2.5 LOW |
|
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).
|
|||||
| CVE-2018-20942 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 1.9 LOW | 2.5 LOW |
|
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).
|
|||||
| CVE-2018-20941 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
|
cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).
|
|||||
| CVE-2018-20940 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).
|
|||||
| CVE-2018-20939 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).
|
|||||
| CVE-2018-20938 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).
|
|||||
| CVE-2018-20937 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).
|
|||||
| CVE-2018-20936 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).
|
|||||
| CVE-2018-20935 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412).
|
|||||
| CVE-2018-20934 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).
|
|||||
| CVE-2018-20933 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).
|
|||||
| CVE-2018-20932 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).
|
|||||
| CVE-2018-20931 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).
|
|||||
| CVE-2018-20930 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401).
|
|||||
| CVE-2018-20929 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392).
|
|||||
| CVE-2018-20928 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391).
|
|||||
| CVE-2018-20927 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.8 LOW |
|
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).
|
|||||
| CVE-2018-20926 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380).
|
|||||
| CVE-2018-20925 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379).
|
|||||
| CVE-2018-20924 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 HIGH | 5.5 MEDIUM |
|
cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378).
|
|||||