Vulnerabilities > Cpanel > Cpanel > 62.0.35
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-01 | CVE-2018-20948 | Cross-site Scripting vulnerability in Cpanel cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). | 4.3 |
| 2019-08-01 | CVE-2018-20947 | Exposure of Resource to Wrong Sphere vulnerability in Cpanel cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). | 2.1 |
| 2019-08-01 | CVE-2018-20946 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | 2.1 |
| 2019-08-01 | CVE-2018-20945 | Improper Authorization vulnerability in Cpanel bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). | 7.9 |
| 2019-08-01 | CVE-2018-20944 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). | 2.1 |
| 2019-08-01 | CVE-2018-20943 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | 1.9 |
| 2019-08-01 | CVE-2018-20942 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). | 1.9 |
| 2019-08-01 | CVE-2018-20940 | Race Condition vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). | 2.1 |
| 2019-08-01 | CVE-2018-20939 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | 2.1 |
| 2019-08-01 | CVE-2018-20937 | Improper Authentication vulnerability in Cpanel cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | 4.0 |