Cpanel: >> Cpanel >> 78.0.35 Security Vulnerabilities
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).
CVSS Score
3.3
EPSS Score
0.001
Published
2020-03-17
cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532).
CVSS Score
5.5
EPSS Score
0.001
Published
2020-03-17
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533).
CVSS Score
5.4
EPSS Score
0.004
Published
2020-03-17
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534).
CVSS Score
9.8
EPSS Score
0.002
Published
2020-03-17
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
CVSS Score
6.1
EPSS Score
0.004
Published
2020-03-17
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
CVSS Score
6.1
EPSS Score
0.004
Published
2020-03-17
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537).
CVSS Score
7.2
EPSS Score
0.005
Published
2020-03-17
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).
CVSS Score
5.3
EPSS Score
0.002
Published
2020-03-17
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).
CVSS Score
9.1
EPSS Score
0.004
Published
2020-03-17
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543).
CVSS Score
9.1
EPSS Score
0.003
Published
2020-03-17