) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:cpanel:cpanel:82.0.15:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2020-26104 |
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). Published: September 25, 2020; 2:15:14 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2020-26103 |
In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). Published: September 25, 2020; 2:15:14 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2020-26102 |
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). Published: September 25, 2020; 2:15:13 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2020-26101 |
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). Published: September 25, 2020; 2:15:13 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
| CVE-2020-26100 |
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). Published: September 25, 2020; 2:15:13 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2020-26099 |
cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). Published: September 25, 2020; 2:15:13 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2020-26098 |
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). Published: September 25, 2020; 2:15:13 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2020-10120 |
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545). Published: March 17, 2020; 11:15:14 AM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 9.0 HIGH |
| CVE-2020-10119 |
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). Published: March 17, 2020; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2019-20498 |
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534). Published: March 17, 2020; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2019-20497 |
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533). Published: March 17, 2020; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2019-20496 |
cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532). Published: March 17, 2020; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
| CVE-2019-20495 |
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531). Published: March 17, 2020; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2019-20494 |
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525). Published: March 17, 2020; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2019-20493 |
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520). Published: March 17, 2020; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-20492 |
cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516). Published: March 17, 2020; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-20490 |
cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499). Published: March 17, 2020; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-20491 |
cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508). Published: March 16, 2020; 5:15:12 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 5.5 MEDIUM |
| CVE-2008-6927 |
Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action. Published: August 10, 2009; 4:30:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2008-6926 |
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory. Published: August 10, 2009; 4:30:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |