Cpanel
by CPanel
CVEs (413)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10832 | 0.00 | — | 0.01 | Aug 1, 2019 | cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). | |||
| CVE-2018-20943 | 0.00 | — | 0.00 | Aug 1, 2019 | cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | |||
| CVE-2018-20942 | 0.00 | — | 0.00 | Aug 1, 2019 | cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). | |||
| CVE-2018-20941 | 0.00 | — | 0.00 | Aug 1, 2019 | cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). | |||
| CVE-2016-10833 | 0.00 | — | 0.01 | Aug 1, 2019 | cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). | |||
| CVE-2018-20940 | 0.00 | — | 0.00 | Aug 1, 2019 | cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). | |||
| CVE-2018-20939 | 0.00 | — | 0.00 | Aug 1, 2019 | cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | |||
| CVE-2018-20938 | 0.00 | — | 0.01 | Aug 1, 2019 | cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). | |||
| CVE-2016-10834 | 0.00 | — | 0.01 | Aug 1, 2019 | cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105). | |||
| CVE-2018-20937 | 0.00 | — | 0.01 | Aug 1, 2019 | cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | |||
| CVE-2016-10835 | 0.00 | — | 0.01 | Aug 1, 2019 | cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). | |||
| CVE-2018-20936 | 0.00 | — | 0.00 | Aug 1, 2019 | cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | |||
| CVE-2016-10836 | 0.00 | — | 0.01 | Aug 1, 2019 | cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). | |||
| CVE-2018-20935 | 0.00 | — | 0.01 | Aug 1, 2019 | cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412). | |||
| CVE-2018-20934 | 0.00 | — | 0.01 | Aug 1, 2019 | cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). | |||
| CVE-2018-20933 | 0.00 | — | 0.01 | Aug 1, 2019 | cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410). | |||
| CVE-2018-20932 | 0.00 | — | 0.01 | Aug 1, 2019 | cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). | |||
| CVE-2018-20931 | 0.00 | — | 0.01 | Aug 1, 2019 | cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). | |||
| CVE-2018-20930 | 0.00 | — | 0.01 | Aug 1, 2019 | cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). | |||
| CVE-2016-10837 | 0.00 | — | 0.02 | Aug 1, 2019 | cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46). |
- CVE-2016-10832Aug 1, 2019risk 0.00cvss —epss 0.01
cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).
- CVE-2018-20943Aug 1, 2019risk 0.00cvss —epss 0.00
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).
- CVE-2018-20942Aug 1, 2019risk 0.00cvss —epss 0.00
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).
- CVE-2018-20941Aug 1, 2019risk 0.00cvss —epss 0.00
cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).
- CVE-2016-10833Aug 1, 2019risk 0.00cvss —epss 0.01
cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).
- CVE-2018-20940Aug 1, 2019risk 0.00cvss —epss 0.00
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).
- CVE-2018-20939Aug 1, 2019risk 0.00cvss —epss 0.00
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).
- CVE-2018-20938Aug 1, 2019risk 0.00cvss —epss 0.01
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).
- CVE-2016-10834Aug 1, 2019risk 0.00cvss —epss 0.01
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).
- CVE-2018-20937Aug 1, 2019risk 0.00cvss —epss 0.01
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).
- CVE-2016-10835Aug 1, 2019risk 0.00cvss —epss 0.01
cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).
- CVE-2018-20936Aug 1, 2019risk 0.00cvss —epss 0.00
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).
- CVE-2016-10836Aug 1, 2019risk 0.00cvss —epss 0.01
cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108).
- CVE-2018-20935Aug 1, 2019risk 0.00cvss —epss 0.01
cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412).
- CVE-2018-20934Aug 1, 2019risk 0.00cvss —epss 0.01
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).
- CVE-2018-20933Aug 1, 2019risk 0.00cvss —epss 0.01
cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).
- CVE-2018-20932Aug 1, 2019risk 0.00cvss —epss 0.01
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).
- CVE-2018-20931Aug 1, 2019risk 0.00cvss —epss 0.01
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).
- CVE-2018-20930Aug 1, 2019risk 0.00cvss —epss 0.01
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401).
- CVE-2016-10837Aug 1, 2019risk 0.00cvss —epss 0.02
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).
Page 14 of 21