Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cpanel
(Cpanel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 415 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-17 | CVE-2019-20496 | cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532). | Cpanel | N/A | ||
| 2020-03-17 | CVE-2019-20492 | cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516). | Cpanel | N/A | ||
| 2020-03-16 | CVE-2019-20491 | cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508). | Cpanel | N/A | ||
| 2020-03-17 | CVE-2019-20490 | cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499). | Cpanel | N/A | ||
| 2020-03-17 | CVE-2019-20493 | cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520). | Cpanel | N/A | ||
| 2020-02-10 | CVE-2012-6449 | The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS vulnerability. | Cpanel, Whm | N/A | ||
| 2017-03-03 | CVE-2017-5614 | Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. | Cpanel | N/A | ||
| 2019-10-09 | CVE-2019-17375 | cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517). | Cpanel | N/A | ||
| 2019-10-09 | CVE-2019-17380 | cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). | Cpanel | N/A | ||
| 2019-10-09 | CVE-2019-17379 | cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527). | Cpanel | N/A |