) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:cpanel:cpanel:62.0.35:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2018-20951 |
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20950 |
cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20949 |
cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20948 |
cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20947 |
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2018-20946 |
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2018-20945 |
bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.7 MEDIUM V2.0: 7.9 HIGH |
| CVE-2018-20944 |
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2018-20943 |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 2.5 LOW V2.0: 1.9 LOW |
| CVE-2018-20942 |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 2.5 LOW V2.0: 1.9 LOW |
| CVE-2018-20940 |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2018-20939 |
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2018-20937 |
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2018-20936 |
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2018-20935 |
cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412). Published: August 01, 2019; 12:15:14 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2018-20934 |
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). Published: August 01, 2019; 12:15:14 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
| CVE-2018-20933 |
cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410). Published: August 01, 2019; 12:15:14 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2018-20932 |
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). Published: August 01, 2019; 12:15:13 PM -0400 |
V4.0:(not available) V3.0: 2.7 LOW V2.0: 4.0 MEDIUM |
| CVE-2018-20931 |
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). Published: August 01, 2019; 12:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.3 MEDIUM V2.0: 6.5 MEDIUM |
| CVE-2018-20930 |
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). Published: August 01, 2019; 12:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 6.4 MEDIUM |