Proteus® NextGen Data Privacy™ users can receive automated alerts using this data by linking it to their ITIL CMDB (IT asset register)

2024

2023

2022

2021

2020

2019

CVE-2019-14397 (v3: 5.3) 30 Jul 2019
cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496).

2018

CVE-2018-20938 (v3: 2.7) 1 Aug 2019
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).
CVE-2018-20930 (v3: 6.5) 1 Aug 2019
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401).
CVE-2018-20890 (v3: 4.3) 1 Aug 2019
cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426).

2017

CVE-2017-18457 (v3: 4.4) 2 Aug 2019
cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218).
CVE-2017-18421 (v3: 3.3) 2 Aug 2019
cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).
CVE-2017-18403 (v3: 6.3) 2 Aug 2019
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).
CVE-2017-18404 (v3: 3.1) 2 Aug 2019
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341).
CVE-2017-18416 (v3: 5.5) 2 Aug 2019
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).
CVE-2017-18384 (v3: 3.8) 2 Aug 2019
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).
CVE-2017-18385 (v3: 5.5) 2 Aug 2019
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).

2016

CVE-2016-10799 (v3: 5.5) 7 Aug 2019
cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137).
CVE-2016-10802 (v3: 8.8) 7 Aug 2019
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).
CVE-2016-10792 (v3: 8.8) 6 Aug 2019
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).
CVE-2016-10820 (v3: 8.8) 1 Aug 2019
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
CVE-2016-10830 (v3: 8.1) 1 Aug 2019
cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).
CVE-2016-10838 (v3: 6.5) 1 Aug 2019
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
CVE-2016-10857 (v3: 6.5) 1 Aug 2019
cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60).
CVE-2016-10860 (v3: 8.1) 1 Aug 2019
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66).
CVE-2016-10852 (v3: 6.5) 1 Aug 2019
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85).
CVE-2016-10856 (v3: 6.5) 1 Aug 2019
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29).

2015

CVE-2015-9291 (v3: 7.5) 1 Aug 2019
cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).