Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-20
Total 9398 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18405 1 Cpanel 1 Cpanel 2019-08-12 2.1 LOW 5.5 MEDIUM
cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345).
CVE-2016-10793 1 Cpanel 1 Cpanel 2019-08-12 6.5 MEDIUM 8.8 HIGH
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152).
CVE-2016-10800 1 Cpanel 1 Cpanel 2019-08-12 6.8 MEDIUM 7.8 HIGH
cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138).
CVE-2016-10808 1 Cpanel 1 Cpanel 2019-08-12 9.0 HIGH 8.8 HIGH
In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).
CVE-2016-10812 1 Cpanel 1 Cpanel 2019-08-12 9.0 HIGH 8.8 HIGH
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).
CVE-2016-10842 1 Cpanel 1 Cpanel 2019-08-12 4.0 MEDIUM 6.5 MEDIUM
cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).
CVE-2017-18409 1 Cpanel 1 Cpanel 2019-08-12 4.0 MEDIUM 6.5 MEDIUM
In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283).
CVE-2017-18410 1 Cpanel 1 Cpanel 2019-08-12 4.0 MEDIUM 6.5 MEDIUM
In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284).
CVE-2017-18464 1 Cpanel 1 Cpanel 2019-08-12 5.5 MEDIUM 4.9 MEDIUM
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226).
CVE-2017-18465 1 Cpanel 1 Cpanel 2019-08-12 2.1 LOW 4.4 MEDIUM
cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227).
CVE-2017-18475 1 Cpanel 1 Cpanel 2019-08-12 6.5 MEDIUM 8.8 HIGH
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
CVE-2016-10775 1 Cpanel 1 Cpanel 2019-08-12 6.8 MEDIUM 6.5 MEDIUM
cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173).
CVE-2017-18466 1 Cpanel 1 Cpanel 2019-08-12 4.0 MEDIUM 2.7 LOW
cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).
CVE-2017-18482 1 Cpanel 1 Cpanel 2019-08-12 4.0 MEDIUM 6.5 MEDIUM
cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).
CVE-2017-18415 1 Cpanel 1 Cpanel 2019-08-12 4.6 MEDIUM 7.8 HIGH
cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302).
CVE-2017-18411 1 Cpanel 1 Cpanel 2019-08-12 4.0 MEDIUM 6.8 MEDIUM
The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285).
CVE-2007-6763 1 Sas 1 Sas Drug Development 2019-08-12 6.5 MEDIUM 8.8 HIGH
SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.
CVE-2018-9154 1 Jasper Project 1 Jasper 2019-08-09 5.0 MEDIUM 7.5 HIGH
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745.
CVE-2016-10858 1 Cpanel 1 Cpanel 2019-08-09 9.3 HIGH 9.8 CRITICAL
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
CVE-2017-18388 1 Cpanel 1 Cpanel 2019-08-09 7.2 HIGH 7.8 HIGH
cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).