Vulnerabilities > Cpanel > Low

DATE CVE VULNERABILITY TITLE RISK
2020-03-17 CVE-2019-20494 Use of Insufficiently Random Values vulnerability in Cpanel
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).
local
low complexity
cpanel CWE-330
3.3
2019-08-06 CVE-2016-10796 Permission Issues vulnerability in Cpanel
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130).
local
low complexity
cpanel CWE-275
3.3
2019-08-05 CVE-2016-10772 7PK - Security Features vulnerability in Cpanel
cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168).
local
low complexity
cpanel CWE-254
3.3
2019-08-05 CVE-2017-18466 Improper Input Validation vulnerability in Cpanel
cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).
network
low complexity
cpanel CWE-20
2.7
2019-08-02 CVE-2017-18436 Information Exposure vulnerability in Cpanel
cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239).
low complexity
cpanel CWE-200
3.5
2019-08-02 CVE-2017-18455 Permissions, Privileges, and Access Controls vulnerability in Cpanel
In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208).
network
low complexity
cpanel CWE-264
2.7
2019-08-02 CVE-2017-18458 Improper Input Validation vulnerability in Cpanel
cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219).
local
low complexity
cpanel CWE-20
3.3
2019-08-02 CVE-2017-18421 Improper Access Control vulnerability in Cpanel
cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).
local
low complexity
cpanel CWE-284
3.3
2019-08-02 CVE-2017-18422 Permission Issues vulnerability in Cpanel
In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).
local
low complexity
cpanel CWE-275
3.3
2019-08-02 CVE-2017-18423 Information Exposure Through Log Files vulnerability in Cpanel
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).
local
low complexity
cpanel CWE-532
3.3