Vulnerabilities > Cpanel > Cpanel > 11.51.9999.165
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-01 | CVE-2016-10858 | Improper Input Validation vulnerability in Cpanel cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64). | 9.3 |
| 2019-08-01 | CVE-2016-10857 | Improper Access Control vulnerability in Cpanel cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). | 4.0 |
| 2019-08-01 | CVE-2016-10856 | Improper Access Control vulnerability in Cpanel cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). | 4.0 |
| 2019-08-01 | CVE-2016-10852 | Improper Access Control vulnerability in Cpanel cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | 4.0 |
| 2019-08-01 | CVE-2015-9291 | Improper Access Control vulnerability in Cpanel cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). | 5.0 |
| 2019-08-01 | CVE-2018-20887 | SQL Injection vulnerability in Cpanel cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). | 7.5 |
| 2019-08-01 | CVE-2018-20885 | Injection vulnerability in Cpanel cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). | 5.0 |
| 2019-08-01 | CVE-2018-20884 | Cross-site Scripting vulnerability in Cpanel cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367). | 3.5 |
| 2019-08-01 | CVE-2018-20883 | Improper Input Validation vulnerability in Cpanel cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). | 4.0 |
| 2019-08-01 | CVE-2018-20881 | Cross-site Scripting vulnerability in Cpanel cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446). | 3.5 |