U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:cpanel:cpanel:62.0.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 239 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2017-18388

cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).

Published: August 02, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2017-18387

cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).

Published: August 02, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-18386

cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).

Published: August 02, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2017-18385

cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).

Published: August 02, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2017-18384

cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).

Published: August 02, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 3.8 LOW
V2.0: 2.1 LOW
CVE-2017-18383

cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).

Published: August 02, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2017-18382

cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).

Published: August 02, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 2.7 LOW
V2.0: 4.0 MEDIUM
CVE-2018-20953

cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).

Published: August 01, 2019; 1:15:13 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20952

cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).

Published: August 01, 2019; 1:15:13 PM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2018-20951

cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).

Published: August 01, 2019; 1:15:13 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20950

cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).

Published: August 01, 2019; 1:15:13 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20949

cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).

Published: August 01, 2019; 1:15:13 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20948

cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383).

Published: August 01, 2019; 1:15:13 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20947

cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).

Published: August 01, 2019; 1:15:12 PM -0400 		V4.0:(not available)
 V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-20946

cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).

Published: August 01, 2019; 1:15:12 PM -0400 		V4.0:(not available)
 V3.0: 3.3 LOW
V2.0: 2.1 LOW
CVE-2018-20945

bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354).

Published: August 01, 2019; 1:15:12 PM -0400 		V4.0:(not available)
 V3.0: 5.7 MEDIUM
V2.0: 7.9 HIGH
CVE-2018-20944

cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).

Published: August 01, 2019; 1:15:12 PM -0400 		V4.0:(not available)
 V3.0: 3.3 LOW
V2.0: 2.1 LOW
CVE-2018-20943

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).

Published: August 01, 2019; 1:15:12 PM -0400 		V4.0:(not available)
 V3.0: 2.5 LOW
V2.0: 1.9 LOW
CVE-2018-20942

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).

Published: August 01, 2019; 1:15:12 PM -0400 		V4.0:(not available)
 V3.0: 2.5 LOW
V2.0: 1.9 LOW
CVE-2018-20940

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).

Published: August 01, 2019; 1:15:12 PM -0400 		V4.0:(not available)
 V3.0: 3.3 LOW
V2.0: 2.1 LOW