Cpanel
by CPanel
CVEs (413)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10826 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). |
| CVE-2016-10822 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88). |
| CVE-2016-10823 | | | 0.00 | — | 0.02 | | Aug 1, 2019 | cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89). |
| CVE-2016-10824 | | | 0.00 | — | 0.03 | | Aug 1, 2019 | cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90). |
| CVE-2016-10825 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). |
| CVE-2016-10827 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96). |
| CVE-2016-10828 | | | 0.00 | — | 0.03 | | Aug 1, 2019 | cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97). |
| CVE-2016-10829 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). |
| CVE-2016-10830 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100). |
| CVE-2016-10831 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101). |
| CVE-2018-20953 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). |
| CVE-2018-20952 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388). |
| CVE-2018-20951 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). |
| CVE-2018-20950 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). |
| CVE-2018-20949 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). |
| CVE-2018-20948 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). |
| CVE-2018-20947 | | | 0.00 | — | 0.00 | | Aug 1, 2019 | cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). |
| CVE-2018-20946 | | | 0.00 | — | 0.00 | | Aug 1, 2019 | cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). |
| CVE-2018-20945 | | | 0.00 | — | 0.01 | | Aug 1, 2019 | bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). |
| CVE-2018-20944 | | | 0.00 | — | 0.00 | | Aug 1, 2019 | cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). |