Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cpanel
(Cpanel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 415 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-10-09 | CVE-2019-17378 | cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526). | Cpanel | N/A | ||
| 2019-10-09 | CVE-2019-17377 | cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524). | Cpanel | N/A | ||
| 2019-10-09 | CVE-2019-17376 | cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521). | Cpanel | N/A | ||
| 2019-08-02 | CVE-2017-18429 | In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). | Cpanel | N/A | ||
| 2019-08-02 | CVE-2017-18452 | cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). | Cpanel | 6.7 | ||
| 2019-08-02 | CVE-2017-18446 | cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250). | Cpanel | 6.3 | ||
| 2019-08-01 | CVE-2016-10814 | cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). | Cpanel | 8.8 | ||
| 2019-08-02 | CVE-2017-18431 | cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). | Cpanel | 7.5 | ||
| 2019-08-02 | CVE-2017-18404 | cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | Cpanel | 3.1 | ||
| 2019-08-02 | CVE-2017-18403 | cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). | Cpanel | 6.3 |