Vulnerabilities > Cpanel > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-09-25 CVE-2020-26108 Unspecified vulnerability in Cpanel
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).
network
low complexity
cpanel
critical
9.8
2020-09-25 CVE-2020-26105 Improper Authentication vulnerability in Cpanel
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).
network
low complexity
cpanel CWE-287
critical
9.8
2020-09-25 CVE-2020-26101 Improper Authentication vulnerability in Cpanel
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).
network
low complexity
cpanel CWE-287
critical
9.8
2020-09-25 CVE-2020-26100 Unspecified vulnerability in Cpanel
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).
network
low complexity
cpanel
critical
9.8
2020-09-25 CVE-2020-26098 Unspecified vulnerability in Cpanel
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).
network
low complexity
cpanel
critical
9.8
2020-03-17 CVE-2020-10121 Unspecified vulnerability in Cpanel
cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546).
network
low complexity
cpanel
critical
9.8
2020-03-17 CVE-2020-10119 Unspecified vulnerability in Cpanel
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
network
low complexity
cpanel
critical
9.8
2020-03-17 CVE-2020-10118 Unspecified vulnerability in Cpanel
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543).
network
low complexity
cpanel
critical
9.1
2020-03-17 CVE-2020-10117 Unspecified vulnerability in Cpanel
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).
network
low complexity
cpanel
critical
9.1
2020-03-17 CVE-2019-20498 Unspecified vulnerability in Cpanel
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534).
network
low complexity
cpanel
critical
9.8