U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:cpanel:cpanel:11.54.0.0.:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 208 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2016-10771

cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2016-10770

cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2016-10769

cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2016-10768

cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2016-10767

cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18426

cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).

Published: August 02, 2019; 12:15:12 PM -0400 		V4.0:(not available)
 V3.0: 2.7 LOW
V2.0: 4.0 MEDIUM
CVE-2017-18420

cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).

Published: August 02, 2019; 12:15:11 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18419

cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).

Published: August 02, 2019; 12:15:11 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18418

cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).

Published: August 02, 2019; 12:15:11 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18417

cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).

Published: August 02, 2019; 12:15:11 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18416

cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).

Published: August 02, 2019; 10:15:13 AM -0400 		V4.0:(not available)
 V3.0: 5.5 MEDIUM
V2.0: 3.6 LOW
CVE-2017-18415

cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302).

Published: August 02, 2019; 10:15:13 AM -0400 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2017-18414

cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300).

Published: August 02, 2019; 10:15:13 AM -0400 		V4.0:(not available)
 V3.0: 7.4 HIGH
V2.0: 5.8 MEDIUM
CVE-2016-10826

cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).

Published: August 01, 2019; 3:15:14 PM -0400 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2016-10821

In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).

Published: August 01, 2019; 3:15:14 PM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-10819

In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).

Published: August 01, 2019; 3:15:13 PM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-10818

cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124).

Published: August 01, 2019; 3:15:13 PM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-10817

cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).

Published: August 01, 2019; 3:15:13 PM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2016-10816

cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).

Published: August 01, 2019; 3:15:13 PM -0400 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2016-10815

cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).

Published: August 01, 2019; 3:15:13 PM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM