Vulnerabilities > Cpanel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2017-18384 | Improper Access Control vulnerability in Cpanel cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). | 2.1 |
| 2019-08-02 | CVE-2017-18383 | Permissions, Privileges, and Access Controls vulnerability in Cpanel cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). | 4.6 |
| 2019-08-02 | CVE-2017-18382 | Improper Input Validation vulnerability in Cpanel cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | 4.0 |
| 2019-08-01 | CVE-2016-10826 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). | 6.5 |
| 2019-08-01 | CVE-2016-10821 | Credentials Management vulnerability in Cpanel In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). | 4.0 |
| 2019-08-01 | CVE-2016-10820 | Improper Access Control vulnerability in Cpanel cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). | 9.0 |
| 2019-08-01 | CVE-2016-10819 | Information Exposure Through Log Files vulnerability in Cpanel In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). | 4.0 |
| 2019-08-01 | CVE-2016-10818 | Permission Issues vulnerability in Cpanel cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). | 4.0 |
| 2019-08-01 | CVE-2016-10817 | SQL Injection vulnerability in Cpanel cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123). | 10.0 |
| 2019-08-01 | CVE-2016-10816 | Improper Input Validation vulnerability in Cpanel cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121). | 6.5 |