Vulnerabilities > Cpanel > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-11 CVE-2021-38584 XXE vulnerability in Cpanel
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
network
low complexity
cpanel CWE-611
7.2
2021-08-11 CVE-2021-38585 Deserialization of Untrusted Data vulnerability in Cpanel
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).
network
low complexity
cpanel CWE-502
7.2
2021-08-11 CVE-2021-38587 Race Condition vulnerability in Cpanel
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).
network
low complexity
cpanel CWE-362
7.5
2021-08-11 CVE-2021-38588 Download of Code Without Integrity Check vulnerability in Cpanel
In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).
network
high complexity
cpanel CWE-494
8.1
2021-08-11 CVE-2021-38589 Unspecified vulnerability in Cpanel
In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588).
network
low complexity
cpanel
8.1
2021-01-26 CVE-2021-26267 Unspecified vulnerability in Cpanel
cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
network
low complexity
cpanel
7.5
2021-01-26 CVE-2021-26266 Unspecified vulnerability in Cpanel
cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).
network
low complexity
cpanel
7.5
2020-09-25 CVE-2020-26112 Unspecified vulnerability in Cpanel
The email quota cache in cPanel before 90.0.10 allows overwriting of files.
network
low complexity
cpanel
7.5
2020-09-25 CVE-2020-26109 Unspecified vulnerability in Cpanel
cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557).
network
low complexity
cpanel
7.5
2020-09-25 CVE-2020-26107 Use of Insufficiently Random Values vulnerability in Cpanel
cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561).
network
low complexity
cpanel CWE-330
7.5