Vulnerabilities > Cpanel > High

DATE CVE VULNERABILITY TITLE RISK
2020-09-25 CVE-2020-26106 Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel
cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558).
network
low complexity
cpanel CWE-732
7.5
2020-09-25 CVE-2020-26104 Insecure Storage of Sensitive Information vulnerability in Cpanel
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).
network
low complexity
cpanel CWE-922
7.5
2020-09-25 CVE-2020-26103 Weak Password Requirements vulnerability in Cpanel
In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).
network
low complexity
cpanel CWE-521
7.5
2020-09-25 CVE-2020-26102 Unspecified vulnerability in Cpanel
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).
network
low complexity
cpanel
7.5
2020-09-25 CVE-2020-26099 Unspecified vulnerability in Cpanel
cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491).
network
low complexity
cpanel
7.5
2020-05-11 CVE-2020-12785 Unspecified vulnerability in Cpanel
cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540).
network
low complexity
cpanel
8.1
2020-03-17 CVE-2020-10120 Unspecified vulnerability in Cpanel
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545).
network
low complexity
cpanel
7.2
2020-03-17 CVE-2020-10115 Unspecified vulnerability in Cpanel
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin.
network
low complexity
cpanel
7.2
2020-03-17 CVE-2019-20492 Unspecified vulnerability in Cpanel
cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516).
network
low complexity
cpanel
8.8
2020-03-17 CVE-2019-20490 Unspecified vulnerability in Cpanel
cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499).
network
low complexity
cpanel
8.8