Total
418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20883 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449).
|
|||||
| CVE-2018-20882 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.6 MEDIUM | 6.8 MEDIUM |
|
cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447).
|
|||||
| CVE-2018-20881 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).
|
|||||
| CVE-2018-20880 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445).
|
|||||
| CVE-2018-20879 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444).
|
|||||
| CVE-2018-20878 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441).
|
|||||
| CVE-2018-20877 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).
|
|||||
| CVE-2018-20876 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).
|
|||||
| CVE-2018-20875 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).
|
|||||
| CVE-2018-20874 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).
|
|||||
| CVE-2018-20873 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409).
|
|||||
| CVE-2018-20870 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467).
|
|||||
| CVE-2018-20869 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465).
|
|||||
| CVE-2018-20868 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464).
|
|||||
| CVE-2018-20867 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462).
|
|||||
| CVE-2018-20866 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461).
|
|||||
| CVE-2018-20865 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).
|
|||||
| CVE-2018-20864 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454).
|
|||||
| CVE-2018-20863 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452).
|
|||||
| CVE-2018-20862 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366).
|
|||||
| CVE-2018-16236 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.
|
|||||
| CVE-2017-18482 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).
|
|||||
| CVE-2017-18481 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).
|
|||||
| CVE-2017-18480 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).
|
|||||
| CVE-2017-18479 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
|
|||||
| CVE-2017-18478 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).
|
|||||
| CVE-2017-18477 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206).
|
|||||
| CVE-2017-18476 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205).
|
|||||
| CVE-2017-18475 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
|
|||||
| CVE-2017-18474 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
|
cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).
|
|||||
| CVE-2017-18473 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).
|
|||||
| CVE-2017-18472 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198).
|
|||||
| CVE-2017-18471 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).
|
|||||
| CVE-2017-18470 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).
|
|||||
| CVE-2017-18469 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).
|
|||||
| CVE-2017-18468 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).
|
|||||
| CVE-2017-18467 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229).
|
|||||
| CVE-2017-18466 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).
|
|||||
| CVE-2017-18465 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227).
|
|||||
| CVE-2017-18464 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
|
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226).
|
|||||