Filtered by vendor Hestiacp
Subscriptions
Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-30070 | 1 Hestiacp | 1 Hestiacp | 2024-11-21 | 7.5 High |
| An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager. | ||||
| CVE-2021-27231 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 5.4 Medium |
| Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages. | ||||
| CVE-2020-10966 | 2 Hestiacp, Vestacp | 2 Control Panel, Control Panel | 2024-11-21 | 6.5 Medium |
| In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. | ||||