U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:cpanel:cpanel:11.78.0.15:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 119 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2019-14408

cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2019-14407

cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 2.7 LOW
V2.0: 4.0 MEDIUM
CVE-2019-14406

cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-14405

cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2019-14404

cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2019-14403

cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-14402

cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 3.3 LOW
V2.0: 2.1 LOW
CVE-2019-14401

cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2019-14400

cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2019-14399

The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 7.1 HIGH
V2.0: 6.1 MEDIUM
CVE-2019-14398

cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2019-14397

cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2019-14396

API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 3.3 LOW
V2.0: 2.1 LOW
CVE-2019-14395

cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 3.3 LOW
V2.0: 2.1 LOW
CVE-2019-14394

cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2019-14393

cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 5.3 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2018-20870

The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467).

Published: July 30, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-20869

cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465).

Published: July 30, 2019; 11:15:10 AM -0400
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2018-20868

cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464).

Published: July 30, 2019; 11:15:10 AM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20866

cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461).

Published: July 30, 2019; 11:15:10 AM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM