The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2016-10860 | cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66). | MEDIUM | Aug 12, 2019 | n/a |
CVE-2016-10859 | cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). | MEDIUM | Aug 8, 2019 | n/a |
CVE-2016-10858 | cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64). | HIGH | Aug 9, 2019 | n/a |
CVE-2016-10857 | cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). | MEDIUM | Aug 9, 2019 | n/a |
CVE-2016-10856 | cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). | MEDIUM | Aug 6, 2019 | n/a |
CVE-2016-10855 | cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). | HIGH | Aug 6, 2019 | n/a |
CVE-2016-10854 | cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87). | LOW | Aug 6, 2019 | n/a |
CVE-2016-10853 | cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86). | LOW | Aug 8, 2019 | n/a |
CVE-2016-10852 | cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | MEDIUM | Aug 8, 2019 | n/a |
CVE-2016-10851 | cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). | LOW | Aug 6, 2019 | n/a |
CVE-2016-10850 | cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83). | HIGH | Aug 6, 2019 | n/a |
CVE-2016-10849 | cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82). | MEDIUM | Aug 9, 2019 | n/a |
CVE-2016-10848 | cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). | HIGH | Aug 8, 2019 | n/a |
CVE-2016-10847 | cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). | MEDIUM | Aug 8, 2019 | n/a |
CVE-2016-10846 | cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). | HIGH | Aug 8, 2019 | n/a |
CVE-2016-10845 | cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78). | MEDIUM | Aug 8, 2019 | n/a |
CVE-2016-10844 | The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77). | MEDIUM | Aug 8, 2019 | n/a |
CVE-2016-10843 | cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76). | MEDIUM | Aug 8, 2019 | n/a |
CVE-2016-10842 | cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74). | MEDIUM | Aug 12, 2019 | n/a |
CVE-2016-10841 | The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73). | LOW | Aug 8, 2019 | n/a |
CVE-2016-10840 | cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). | HIGH | Aug 12, 2019 | n/a |
CVE-2016-10839 | cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71). | MEDIUM | Aug 13, 2019 | n/a |
CVE-2016-10838 | cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). | MEDIUM | Aug 13, 2019 | n/a |
CVE-2016-10837 | cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46). | HIGH | Aug 8, 2019 | n/a |
CVE-2016-10836 | cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). | MEDIUM | Aug 13, 2019 | n/a |
CVE-2016-10835 | cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). | MEDIUM | Aug 12, 2019 | n/a |
CVE-2016-10834 | cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105). | MEDIUM | Aug 12, 2019 | n/a |
CVE-2016-10833 | cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). | MEDIUM | Aug 12, 2019 | n/a |
CVE-2016-10832 | cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). | MEDIUM | Aug 12, 2019 | n/a |
CVE-2016-10831 | cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101). | MEDIUM | Aug 12, 2019 | n/a |
CVE-2016-10830 | cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100). | MEDIUM | Aug 12, 2019 | n/a |
CVE-2016-10829 | cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). | MEDIUM | Aug 12, 2019 | n/a |
CVE-2016-10828 | cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97). | HIGH | Aug 7, 2019 | n/a |
CVE-2016-10827 | cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96). | LOW | Aug 7, 2019 | n/a |
CVE-2016-10826 | cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). | MEDIUM | Aug 6, 2019 | n/a |
CVE-2016-10825 | cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). | MEDIUM | Aug 12, 2019 | n/a |
CVE-2016-10824 | cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90). | HIGH | Aug 7, 2019 | n/a |
CVE-2016-10823 | cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89). | HIGH | Aug 7, 2019 | n/a |
CVE-2016-10822 | cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88). | LOW | Aug 7, 2019 | n/a |
CVE-2016-10821 | In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). | MEDIUM | Aug 6, 2019 | n/a |
CVE-2016-10820 | cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). | HIGH | Aug 6, 2019 | n/a |
CVE-2016-10819 | In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). | MEDIUM | Aug 6, 2019 | n/a |
CVE-2016-10818 | cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). | MEDIUM | Aug 6, 2019 | n/a |
CVE-2016-10817 | cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123). | HIGH | Aug 6, 2019 | n/a |
CVE-2016-10816 | cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121). | MEDIUM | Aug 6, 2019 | n/a |
CVE-2016-10815 | cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120). | MEDIUM | Aug 6, 2019 | n/a |
CVE-2016-10814 | cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). | MEDIUM | Aug 13, 2019 | n/a |
CVE-2016-10813 | cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118). | LOW | Aug 6, 2019 | n/a |
CVE-2016-10812 | In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117). | HIGH | Aug 12, 2019 | n/a |
CVE-2016-10811 | In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116). | HIGH | Aug 9, 2019 | n/a |