Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cpanel
(Cpanel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 415 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-17 | CVE-2020-10122 | cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547). | Cpanel | 6.5 | ||
| 2019-08-01 | CVE-2018-20936 | cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | Cpanel | 3.3 | ||
| 2019-08-01 | CVE-2018-20926 | cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380). | Cpanel | 6.7 | ||
| 2019-08-01 | CVE-2018-20909 | cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338). | Cpanel | 7.1 | ||
| 2019-08-01 | CVE-2018-20908 | cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435). | Cpanel | 5.5 | ||
| 2019-08-01 | CVE-2018-20907 | cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432). | Cpanel | 4.3 | ||
| 2019-08-01 | CVE-2018-20906 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430). | Cpanel | 4.3 | ||
| 2019-08-01 | CVE-2018-20905 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429). | Cpanel | 5.4 | ||
| 2019-08-01 | CVE-2018-20904 | cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427). | Cpanel | 4.3 | ||
| 2019-08-01 | CVE-2018-20892 | cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439). | Cpanel | 4.3 |