CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-20494
https://notcve.org/view.php?id=CVE-2019-20494
17 Mar 2020 — In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525). En cPanel versiones anteriores a 82.0.18, una función Cpanel::Rand::Get puede producir una serie de números predecibles. (SEC-525). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-330: Use of Insufficiently Random Values •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-20493
https://notcve.org/view.php?id=CVE-2019-20493
17 Mar 2020 — cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520). cPanel versiones anteriores a 82.0.18, permite un ataque de tipo auto-XSS porque el escape de la cadena JSON es manejado inapropiadamente (SEC-520). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-20492
https://notcve.org/view.php?id=CVE-2019-20492
17 Mar 2020 — cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516). cPanel versiones anteriores a 82.0.18, permite omitir la autenticación debido al análisis inapropiado del formato del archivo de contraseña (SEC-516). • https://documentation.cpanel.net/display/CL/82+Change+Log •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-20490
https://notcve.org/view.php?id=CVE-2019-20490
17 Mar 2020 — cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499). cPanel versiones anteriores a 82.0.18, permite omitir la autenticación porque los nombres de usuario de correo web son procesados inconsistentemente (SEC-499). • https://documentation.cpanel.net/display/CL/82+Change+Log •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-20491
https://notcve.org/view.php?id=CVE-2019-20491
16 Mar 2020 — cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508). cPanel versiones anteriores a 82.0.18, permite a atacantes aprovechar las cuentas de correo virtuales para omitir las suspensiones de cuenta (SEC-508). • https://documentation.cpanel.net/display/CL/82+Change+Log •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17380
https://notcve.org/view.php?id=CVE-2019-17380
09 Oct 2019 — cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). cPanel versiones anteriores a 82.0.15, permite un ataque de tipo XSS propio en la interfaz WHM Update Preferences (SEC-528). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-17379
https://notcve.org/view.php?id=CVE-2019-17379
09 Oct 2019 — cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527). cPanel versiones anteriores a 82.0.15, permite un ataque de tipo XSS auto almacenado en la interfaz WHM SSL Storage Manager (SEC-527). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-17378
https://notcve.org/view.php?id=CVE-2019-17378
09 Oct 2019 — cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526). cPanel versiones anteriores a 82.0.15, permite un ataque de tipo XSS propio en la interfaz SSL Key Delete (SEC-526). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-17377
https://notcve.org/view.php?id=CVE-2019-17377
09 Oct 2019 — cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524). cPanel versiones anteriores a 82.0.15, permite un ataque de tipo XSS propio en scripts de ejemplo de LiveAPI (SEC-524). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-17376
https://notcve.org/view.php?id=CVE-2019-17376
09 Oct 2019 — cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521). cPanel versiones anteriores a 82.0.15, permite un ataque de tipo XSS propio en la interfaz SSL Certificate Upload (SEC-521). • https://documentation.cpanel.net/display/CL/82+Change+Log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •