Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cpanel
(Cpanel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 415 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-08-01 | CVE-2018-20928 | cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391). | Cpanel | 6.1 | ||
| 2019-08-01 | CVE-2018-20924 | cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). | Cpanel | 5.5 | ||
| 2019-08-01 | CVE-2018-20899 | cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398). | Cpanel | 6.1 | ||
| 2019-08-01 | CVE-2018-20897 | cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). | Cpanel | 2.8 | ||
| 2019-08-01 | CVE-2018-20890 | cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). | Cpanel | 4.3 | ||
| 2019-08-01 | CVE-2018-20882 | cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). | Cpanel | 6.8 | ||
| 2019-08-01 | CVE-2018-20873 | cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). | Cpanel | 3.3 | ||
| 2019-08-05 | CVE-2017-18469 | cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). | Cpanel | 6.3 | ||
| 2019-08-02 | CVE-2017-18456 | cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). | Cpanel | 6.1 | ||
| 2019-08-02 | CVE-2017-18449 | cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). | Cpanel | 5.5 |