Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cpanel
(Cpanel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 402 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-11 | CVE-2021-38586 | In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589). | Cpanel | 4.4 | ||
| 2021-08-11 | CVE-2021-38585 | The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585). | Cpanel | 7.2 | ||
| 2021-08-11 | CVE-2021-38589 | In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588). | Cpanel | 8.1 | ||
| 2021-08-11 | CVE-2021-38588 | In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587). | Cpanel | 8.1 | ||
| 2019-07-30 | CVE-2019-14394 | cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). | Cpanel | 5.5 | ||
| 2019-07-30 | CVE-2019-14395 | cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). | Cpanel | 3.3 | ||
| 2019-07-30 | CVE-2019-14399 | The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). | Cpanel | 7.1 | ||
| 2019-07-30 | CVE-2019-14404 | cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). | Cpanel | 5.5 | ||
| 2019-07-30 | CVE-2019-14407 | cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). | Cpanel | 2.7 | ||
| 2019-07-30 | CVE-2019-14409 | cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). | Cpanel | 5.5 |