cpanel

426 tracked vulnerabilities.

CVE-2020-26106 HIGH
cPanel < 88.0.3 - Incorrect Permission Assignment for Proxy Subdomains Log File
Sep 25, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-26105 CRITICAL
cPanel < 88.0.3 - Improper Authentication via Insecure chkservd Test Credentials
Sep 25, 2020
CVSS 9.8
EPSS 0.01
CVE-2020-26104 HIGH
cPanel < 88.0.3 - Insecure Storage of Sensitive Information
Sep 25, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-26103 HIGH
cPanel < 88.0.3 - Weak Password Requirements for Mailman on Templated VM
Sep 25, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-26102 HIGH
cPanel < 88.0.3 - Insecure Dovecot API Key Authentication
Sep 25, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-26101 CRITICAL
cPanel < 88.0.3 - Improper Authentication via Insecure RNDC Credentials
Sep 25, 2020
CVSS 9.8
EPSS 0.01
CVE-2020-26100 CRITICAL
chsh < 88.0.3 - Privilege Escalation
Sep 25, 2020
CVSS 9.8
EPSS 0.01
CVE-2020-26099 HIGH
cPanel < 88.0.3 - SMTP Greylisting Protection Bypass
Sep 25, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-26098 CRITICAL
cPanel < 88.0.3 - Remote Code Execution via Exim Filter Path Mishandling
Sep 25, 2020
CVSS 9.8
EPSS 0.10
CVE-2020-12785 HIGH
cPanel 11.78.0.1-11.78.0.46 - Unauthenticated Directory Access via Account Backup Feature
May 11, 2020
CVSS 8.1
EPSS 0.00
CVE-2020-12784 MEDIUM
cPanel 11.78.0.1-11.78.0.46 - Bandwidth Suspension via Mail Log Strings
May 11, 2020
CVSS 5.3
EPSS 0.00
CVE-2020-10122 MEDIUM
cPanel 77.9999.110-78.0.45 - Arbitrary File Deletion via Webmail or Demo Account
Mar 17, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-10121 CRITICAL
cPanel 77.9999.110-78.0.45 - Remote Code Execution via PassengerApps APIs
Mar 17, 2020
CVSS 9.8
EPSS 0.01
CVE-2020-10120 HIGH
cPanel < 84.0.20 - Authenticated Remote Code Execution via cpsrvd rsync Shell
Mar 17, 2020
CVSS 7.2
EPSS 0.05
CVE-2020-10119 CRITICAL
cPanel < 84.0.20 - Remote Code Execution via cpsrvd rsync Shell
Mar 17, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-10118 CRITICAL
cPanel 77.9999.110-78.0.45 - Unauthenticated Arbitrary File Write via Branding API
Mar 17, 2020
CVSS 9.1
EPSS 0.00
CVE-2020-10117 CRITICAL
cPanel 77.9999.110-78.0.45 - Unauthenticated Demo Mode Bypass via Market UAPI
Mar 17, 2020
CVSS 9.1
EPSS 0.00
CVE-2020-10116 MEDIUM
cPanel 77.9999.110-78.0.45 - Missing Authorization via WebDisk UAPI Calls
Mar 17, 2020
CVSS 5.3
EPSS 0.00
CVE-2020-10115 HIGH
cPanel 77.9999.110-78.0.45 - Remote Code Execution via dnsadmin
Mar 17, 2020
CVSS 7.2
EPSS 0.01
CVE-2020-10114 MEDIUM
cPanel 77.9999.110-78.0.45 - Stored Cross-Site Scripting in HTML File Editor
Mar 17, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-10113 MEDIUM
cPanel 77.9999.110-78.0.45 - Self Cross-Site Scripting via Temporary Character-Set Specification
Mar 17, 2020
CVSS 6.1
EPSS 0.00
CVE-2019-20498 CRITICAL
cPanel 77.9999.110-81.9999.999 - Unauthenticated WebDAV Authentication Bypass
Mar 17, 2020
CVSS 9.8
EPSS 0.00
CVE-2019-20497 MEDIUM
cPanel 77.9999.110-78.0.43 - Stored Cross-Site Scripting via WHM Backup Restoration
Mar 17, 2020
CVSS 5.4
EPSS 0.00
CVE-2019-20496 MEDIUM
cPanel < 82.0.18 - Privilege Escalation
Mar 17, 2020
CVSS 5.5
EPSS 0.00
CVE-2019-20495 MEDIUM
cPanel < 82.0.18 - Arbitrary Database Read via MySQL Dump Streaming
Mar 17, 2020
CVSS 6.5
EPSS 0.00