Cpanel
by CPanel
CVEs (413)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-18393 | | | 0.00 | — | 0.01 | | Aug 2, 2019 | cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). |
| CVE-2017-18392 | | | 0.00 | — | 0.01 | | Aug 2, 2019 | cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). |
| CVE-2017-18391 | | | 0.00 | — | 0.00 | | Aug 2, 2019 | cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). |
| CVE-2017-18390 | | | 0.00 | — | 0.00 | | Aug 2, 2019 | cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). |
| CVE-2017-18388 | | | 0.00 | — | 0.00 | | Aug 2, 2019 | cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). |
| CVE-2017-18387 | | | 0.00 | — | 0.02 | | Aug 2, 2019 | cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314). |
| CVE-2017-18386 | | | 0.00 | — | 0.02 | | Aug 2, 2019 | cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). |
| CVE-2017-18385 | | | 0.00 | — | 0.00 | | Aug 2, 2019 | cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). |
| CVE-2017-18384 | | | 0.00 | — | 0.00 | | Aug 2, 2019 | cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). |
| CVE-2017-18383 | | | 0.00 | — | 0.00 | | Aug 2, 2019 | cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). |
| CVE-2017-18382 | | | 0.00 | — | 0.01 | | Aug 2, 2019 | cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). |
| CVE-2016-10813 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118). |
| CVE-2016-10814 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). |
| CVE-2016-10815 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120). |
| CVE-2016-10816 | | | 0.00 | — | 0.02 | | Aug 1, 2019 | cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121). |
| CVE-2016-10817 | | | 0.00 | — | 0.02 | | Aug 1, 2019 | cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123). |
| CVE-2016-10818 | | | 0.00 | — | 0.02 | | Aug 1, 2019 | cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). |
| CVE-2016-10819 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). |
| CVE-2016-10820 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). |
| CVE-2016-10821 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). |