Cpanel: >> Cpanel >> 11.78.0.16 Security Vulnerabilities
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).
CVSS Score
7.5
EPSS Score
0.006
Published
2020-09-25
cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505).
CVSS Score
5.3
EPSS Score
0.004
Published
2020-05-11
cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540).
CVSS Score
8.1
EPSS Score
0.003
Published
2020-05-11
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545).
CVSS Score
7.2
EPSS Score
0.054
Published
2020-03-17
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
CVSS Score
9.8
EPSS Score
0.028
Published
2020-03-17
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-09
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).
CVSS Score
2.7
EPSS Score
0.003
Published
2019-08-02
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-02
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-02
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-02