Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cpanel
(Cpanel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 415 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-08-01 | CVE-2018-20886 | cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). | Cpanel | 5.3 | ||
| 2019-08-01 | CVE-2018-20880 | cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445). | Cpanel | 3.3 | ||
| 2019-07-30 | CVE-2018-20862 | cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). | Cpanel | 7.8 | ||
| 2020-03-17 | CVE-2020-10121 | cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546). | Cpanel | N/A | ||
| 2020-03-17 | CVE-2020-10119 | cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). | Cpanel | N/A | ||
| 2020-03-17 | CVE-2020-10118 | cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543). | Cpanel | N/A | ||
| 2020-03-17 | CVE-2020-10114 | cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535). | Cpanel | N/A | ||
| 2020-03-17 | CVE-2020-10113 | cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515). | Cpanel | N/A | ||
| 2020-03-17 | CVE-2019-20498 | cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534). | Cpanel | N/A | ||
| 2020-03-17 | CVE-2019-20497 | cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533). | Cpanel | N/A |