Total
417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10120 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 9.0 HIGH | 7.2 HIGH |
| cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545). | |||||
| CVE-2020-10117 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542). | |||||
| CVE-2020-26107 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). | |||||
| CVE-2019-14404 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). | |||||
| CVE-2019-14409 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). | |||||
| CVE-2020-26101 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). | |||||
| CVE-2020-10116 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541). | |||||
| CVE-2020-12784 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). | |||||
| CVE-2020-26106 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). | |||||
| CVE-2020-10122 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547). | |||||
| CVE-2019-14394 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). | |||||
| CVE-2020-26102 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). | |||||
| CVE-2020-26105 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). | |||||
| CVE-2020-12785 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540). | |||||
| CVE-2019-14399 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 6.1 MEDIUM | 7.1 HIGH |
| The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). | |||||
| CVE-2021-31803 | 1 Cpanel | 1 Cpanel | 2021-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581). | |||||
| CVE-2021-26266 | 1 Cpanel | 1 Cpanel | 2021-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578). | |||||
| CVE-2020-29137 | 1 Cpanel | 1 Cpanel | 2020-12-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577). | |||||
| CVE-2020-26099 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). | |||||
| CVE-2020-26098 | 1 Cpanel | 1 Cpanel | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). | |||||