Cpanel
by CPanel
CVEs (413)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-14402 | | | 0.00 | — | 0.00 | | Jul 30, 2019 | cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). |
| CVE-2019-14401 | | | 0.00 | — | 0.01 | | Jul 30, 2019 | cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). |
| CVE-2019-14400 | | | 0.00 | — | 0.00 | | Jul 30, 2019 | cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). |
| CVE-2019-14399 | | | 0.00 | — | 0.00 | | Jul 30, 2019 | The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). |
| CVE-2019-14398 | | | 0.00 | — | 0.01 | | Jul 30, 2019 | cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). |
| CVE-2019-14397 | | | 0.00 | — | 0.01 | | Jul 30, 2019 | cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). |
| CVE-2019-14396 | | | 0.00 | — | 0.00 | | Jul 30, 2019 | API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). |
| CVE-2019-14395 | | | 0.00 | — | 0.00 | | Jul 30, 2019 | cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). |
| CVE-2019-14394 | | | 0.00 | — | 0.00 | | Jul 30, 2019 | cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). |
| CVE-2019-14393 | | | 0.00 | — | 0.00 | | Jul 30, 2019 | cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). |
| CVE-2019-14392 | | | 0.00 | — | 0.02 | | Jul 30, 2019 | cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). |
| CVE-2018-20867 | | | 0.00 | — | 0.01 | | Jul 30, 2019 | cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). |
| CVE-2019-14391 | | | 0.00 | — | 0.00 | | Jul 30, 2019 | cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). |
| CVE-2019-14390 | | | 0.00 | — | 0.01 | | Jul 30, 2019 | cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). |
| CVE-2019-14389 | | | 0.00 | — | 0.00 | | Jul 30, 2019 | cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). |
| CVE-2019-14388 | | | 0.00 | — | 0.01 | | Jul 30, 2019 | cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). |
| CVE-2019-14387 | | | 0.00 | — | 0.01 | | Jul 30, 2019 | cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). |
| CVE-2019-14386 | | | 0.00 | — | 0.01 | | Jul 30, 2019 | cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). |
| CVE-2008-2071 | | | 0.00 | — | 0.01 | | May 12, 2008 | Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other… |
| CVE-2008-2043 | | | 0.00 | — | 0.01 | | May 1, 2008 | Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2)… |