Known Vulnerabilities for products from Webmin
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Webmin".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-32162 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-04-11 | 2022-04-15 |
| CVE-2021-32161 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-04-11 | 2022-04-15 |
| CVE-2021-32160 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-04-11 | 2022-04-15 |
| CVE-2021-32159 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-04-11 | 2022-04-15 |
| CVE-2021-32158 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-04-11 | 2022-04-15 |
| CVE-2021-32157 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.6 - CRITICAL | 2022-04-11 | 2022-04-14 |
| CVE-2021-32156 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-04-11 | 2022-04-15 |
| CVE-2021-31762 | Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature,... | 8.8 - HIGH | 2021-04-25 | 2021-12-08 |
| CVE-2021-31761 | Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running... | 9.6 - CRITICAL | 2021-04-25 | 2021-12-08 |
| CVE-2021-31760 | Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's runn... | 8.8 - HIGH | 2021-04-25 | 2021-04-28 |
| CVE-2020-35769 | miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program. | 9.8 - CRITICAL | 2020-12-29 | 2022-07-17 |
| CVE-2020-35606 | Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute... | 8.8 - HIGH | 2020-12-21 | 2022-04-26 |
| CVE-2020-12670 | XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when at... | 6.1 - MEDIUM | 2020-10-12 | 2020-10-16 |
| CVE-2020-8821 | An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may... | 5.4 - MEDIUM | 2020-10-12 | 2021-07-21 |
| CVE-2020-8820 | An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any X... | 5.4 - MEDIUM | 2020-10-12 | 2020-10-16 |
| CVE-2019-15642 | rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_vari... | 8.8 - HIGH | 2019-08-26 | 2019-09-04 |
| CVE-2019-15641 | xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlr... | 6.5 - MEDIUM | 2019-08-26 | 2019-08-30 |
| CVE-2019-15107 | An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerabilit... | 9.8 - CRITICAL | 2019-08-16 | 2023-02-28 |
| CVE-2019-12840 | In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privile... | 8.8 - HIGH | 2019-06-15 | 2020-08-24 |
| CVE-2019-9624 | Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download... | 7.8 - HIGH | 2019-03-07 | 2020-08-24 |