Vulnerabilities (CVE)

Vendor filter

Cpanel Subscribe

Product filter

Cpanel Subscribe

Filter

336 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17375 1 Cpanel 1 Cpanel 2019-10-11 6.5
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).
CVE-2019-17378 1 Cpanel 1 Cpanel 2019-10-09 4.3
cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).
CVE-2019-17379 1 Cpanel 1 Cpanel 2019-10-09 4.3
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).
CVE-2019-17377 1 Cpanel 1 Cpanel 2019-10-09 4.3
cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).
CVE-2019-17376 1 Cpanel 1 Cpanel 2019-10-09 4.3
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).
CVE-2019-17380 1 Cpanel 1 Cpanel 2019-10-09 4.3
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
CVE-2017-18429 1 Cpanel 1 Cpanel 2019-09-24 2.1
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291).
CVE-2017-18452 1 Cpanel 1 Cpanel 2019-08-14 4.6
cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259).
CVE-2017-18446 1 Cpanel 1 Cpanel 2019-08-14 6.5
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250).
CVE-2017-18400 1 Cpanel 1 Cpanel 2019-08-13 7.2
cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333).
CVE-2017-18399 1 Cpanel 1 Cpanel 2019-08-13 4.3
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).
CVE-2017-18398 1 Cpanel 1 Cpanel 2019-08-13 5.5
DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).
CVE-2017-18397 1 Cpanel 1 Cpanel 2019-08-13 2.1
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
CVE-2016-10814 1 Cpanel 1 Cpanel 2019-08-13 6.5
cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).
CVE-2017-18401 1 Cpanel 1 Cpanel 2019-08-13 4.0
cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).
CVE-2016-10794 1 Cpanel 1 Cpanel 2019-08-13 4.0
cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154).
CVE-2016-10792 1 Cpanel 1 Cpanel 2019-08-13 6.5
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).
CVE-2016-10791 1 Cpanel 1 Cpanel 2019-08-13 5.0
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559).
CVE-2017-18431 1 Cpanel 1 Cpanel 2019-08-13 5.0
cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941).
CVE-2017-18402 1 Cpanel 1 Cpanel 2019-08-13 3.5
cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336).