Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:cpanel:cpanel:11.52.0.20:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-14396 |
API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2019-14395 |
cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2019-14394 |
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-14393 |
cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2018-20870 |
The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2018-20869 |
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2018-20868 |
cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20866 |
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20865 |
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20864 |
cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
CVE-2018-20863 |
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-20862 |
cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 2.1 LOW |
CVE-2019-14392 |
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). Published: July 30, 2019; 10:15:15 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-20867 |
cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). Published: July 30, 2019; 10:15:14 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2019-14391 |
cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2019-14390 |
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-14389 |
cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 2.1 LOW |
CVE-2019-14388 |
cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-14387 |
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14386 |
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |