Filtered by vendor Cpanel
Subscribe
Total
426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26100 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). | |||||
| CVE-2020-26104 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). | |||||
| CVE-2020-26103 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). | |||||
| CVE-2020-26109 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). | |||||
| CVE-2020-26108 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). | |||||
| CVE-2020-26112 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| The email quota cache in cPanel before 90.0.10 allows overwriting of files. | |||||
| CVE-2020-26110 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). | |||||
| CVE-2020-26113 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569). | |||||
| CVE-2020-26111 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566). | |||||
| CVE-2020-26115 | 1 Cpanel | 1 Cpanel | 2020-09-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574). | |||||
| CVE-2020-26114 | 1 Cpanel | 1 Cpanel | 2020-09-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573). | |||||
| CVE-2019-20498 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534). | |||||
| CVE-2019-20490 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499). | |||||
| CVE-2019-14400 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). | |||||
| CVE-2018-20904 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427). | |||||
| CVE-2019-14391 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). | |||||
| CVE-2018-20936 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | |||||
| CVE-2019-14413 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). | |||||
| CVE-2019-14401 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). | |||||
| CVE-2019-20492 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516). | |||||