Vulnerabilities > Cpanel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-01 | CVE-2018-20941 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). | 5.6 |
| 2019-08-01 | CVE-2018-20940 | Race Condition vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). | 3.3 |
| 2019-08-01 | CVE-2018-20939 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | 3.3 |
| 2019-08-01 | CVE-2018-20938 | Improper Access Control vulnerability in Cpanel cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). | 2.7 |
| 2019-08-01 | CVE-2018-20937 | Improper Authentication vulnerability in Cpanel cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | 4.3 |
| 2019-08-01 | CVE-2018-20936 | Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | 3.3 |
| 2019-08-01 | CVE-2016-10835 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). | 4.3 |
| 2019-08-01 | CVE-2016-10834 | Improperly Implemented Security Check for Standard vulnerability in Cpanel cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105). | 8.8 |
| 2019-08-01 | CVE-2016-10833 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). | 7.5 |
| 2019-08-01 | CVE-2016-10832 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). | 6.5 |