Vulnerabilities > Cpanel > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-17 | CVE-2020-10120 | Incorrect Authorization vulnerability in Cpanel cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545). | 9.0 |
| 2020-03-17 | CVE-2020-10115 | Improper Input Validation vulnerability in Cpanel cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. | 9.0 |
| 2019-08-07 | CVE-2016-10812 | Improper Input Validation vulnerability in Cpanel In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117). | 9.0 |
| 2019-08-07 | CVE-2016-10811 | Information Exposure vulnerability in Cpanel In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116). | 9.0 |
| 2019-08-07 | CVE-2016-10810 | Information Exposure vulnerability in Cpanel In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115). | 9.0 |
| 2019-08-07 | CVE-2016-10809 | Information Exposure vulnerability in Cpanel In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114). | 9.0 |
| 2019-08-07 | CVE-2016-10808 | Improper Input Validation vulnerability in Cpanel In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113). | 9.0 |
| 2019-08-06 | CVE-2016-10788 | Improper Input Validation vulnerability in Cpanel cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188). | 9.0 |
| 2019-08-02 | CVE-2017-18433 | Improper Input Validation vulnerability in Cpanel cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). | 9.0 |
| 2019-08-02 | CVE-2017-18387 | Injection vulnerability in Cpanel cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314). | 9.0 |