CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cpanel » Cpanel » 56.0.51 : Security Vulnerabilities Published In 2019 (Gain Information)

Cpe Name:cpe:/a:cpanel:cpanel:56.0.51
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-14409 200 +Info 2019-07-30 2019-07-30
2.1
None Local Low Not required Partial None None
cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466).
2 CVE-2019-14407 200 +Info 2019-07-30 2019-07-30
4.0
None Remote Low Single system Partial None None
cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415).
3 CVE-2019-14404 200 +Info 2019-07-30 2019-07-30
4.9
None Local Low Not required Complete None None
cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484).
4 CVE-2019-14399 200 +Info 2019-07-30 2019-07-31
6.1
None Local Low Not required Complete Partial Partial
The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477).
5 CVE-2019-14395 200 +Info 2019-07-30 2019-07-31
2.1
None Local Low Not required Partial None None
cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494).
6 CVE-2019-14394 200 +Info 2019-07-30 2019-07-31
2.1
None Local Low Not required Partial None None
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489).
7 CVE-2018-20913 200 +Info 2019-08-01 2019-08-02
3.5
None Remote Medium Single system Partial None None
cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364).
8 CVE-2018-20902 200 +Info 2019-08-01 2019-08-02
2.1
None Local Low Not required Partial None None
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).
9 CVE-2018-20870 200 +Info 2019-07-30 2019-07-31
2.1
None Local Low Not required Partial None None
The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467).
Total number of vulnerabilities : 9   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.