Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-06 | CVE-2016-10792 | Improper Access Control vulnerability in Cpanel cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141). | 8.8 |
| 2019-08-02 | CVE-2017-18457 | Improper Access Control vulnerability in Cpanel cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). | 4.4 |
| 2019-08-02 | CVE-2017-18421 | Improper Access Control vulnerability in Cpanel cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). | 3.3 |
| 2019-08-02 | CVE-2017-18416 | Improper Access Control vulnerability in Cpanel cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). | 5.5 |
| 2019-08-02 | CVE-2017-18404 | Improper Access Control vulnerability in Cpanel cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | 3.1 |
| 2019-08-02 | CVE-2017-18403 | Improper Access Control vulnerability in Cpanel cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). | 6.3 |
| 2019-08-02 | CVE-2017-18385 | Improper Access Control vulnerability in Cpanel cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). | 5.5 |
| 2019-08-02 | CVE-2017-18384 | Improper Access Control vulnerability in Cpanel cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). | 3.8 |
| 2019-08-01 | CVE-2016-10820 | Improper Access Control vulnerability in Cpanel cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). | 8.8 |
| 2019-08-01 | CVE-2018-20938 | Improper Access Control vulnerability in Cpanel cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). | 2.7 |