Vulnerabilities > Cpanel > Cpanel > 68.0.25
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-01 | CVE-2018-20940 | Race Condition vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). | 2.1 |
2019-08-01 | CVE-2018-20939 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | 2.1 |
2019-08-01 | CVE-2018-20938 | Improper Access Control vulnerability in Cpanel cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). | 4.0 |
2019-08-01 | CVE-2018-20937 | Improper Authentication vulnerability in Cpanel cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | 4.0 |
2019-08-01 | CVE-2018-20936 | Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | 2.1 |
2019-08-01 | CVE-2018-20935 | Cross-site Scripting vulnerability in Cpanel cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412). | 3.5 |
2019-08-01 | CVE-2018-20934 | Improperly Implemented Security Check for Standard vulnerability in Cpanel cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). | 6.4 |
2019-08-01 | CVE-2018-20933 | Cross-site Scripting vulnerability in Cpanel cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410). | 3.5 |
2019-08-01 | CVE-2018-20932 | File and Directory Information Exposure vulnerability in Cpanel cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). | 4.0 |
2019-08-01 | CVE-2018-20931 | Code Injection vulnerability in Cpanel cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). | 6.5 |