Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:cpanel:cpanel:66.0.23:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-20947 |
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2018-20946 |
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2018-20945 |
bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.7 MEDIUM V2.0: 7.9 HIGH |
CVE-2018-20944 |
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2018-20943 |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 2.5 LOW V2.0: 1.9 LOW |
CVE-2018-20942 |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 2.5 LOW V2.0: 1.9 LOW |
CVE-2018-20940 |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2018-20939 |
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2018-20937 |
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-20936 |
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2018-20923 |
cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377). Published: August 01, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20922 |
cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376). Published: August 01, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20921 |
cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375). Published: August 01, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20920 |
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). Published: August 01, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20919 |
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373). Published: August 01, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20918 |
cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372). Published: August 01, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20917 |
cPanel before 70.0.23 allows any user to disable Solr (SEC-371). Published: August 01, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2018-20916 |
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370). Published: August 01, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-20915 |
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369). Published: August 01, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-20914 |
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). Published: August 01, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.0: 7.3 HIGH V2.0: 4.9 MEDIUM |