Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cpanel
(Cpanel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 415 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-08-01 | CVE-2018-20908 | cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435). | Cpanel | 5.5 | ||
| 2019-08-01 | CVE-2018-20907 | cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432). | Cpanel | 4.3 | ||
| 2019-08-01 | CVE-2018-20906 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430). | Cpanel | 4.3 | ||
| 2019-08-01 | CVE-2018-20905 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429). | Cpanel | 5.4 | ||
| 2019-08-01 | CVE-2018-20904 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427). | Cpanel | 4.3 | ||
| 2019-08-01 | CVE-2018-20892 | cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439). | Cpanel | 4.3 | ||
| 2019-08-01 | CVE-2018-20886 | cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). | Cpanel | 5.3 | ||
| 2019-08-01 | CVE-2018-20880 | cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445). | Cpanel | 3.3 | ||
| 2019-07-30 | CVE-2018-20862 | cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). | Cpanel | 7.8 | ||
| 2020-03-17 | CVE-2020-10121 | cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546). | Cpanel | N/A |