Vulnerabilities > Cpanel > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2017-18424 | Information Exposure vulnerability in Cpanel In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274). | 3.3 |
| 2019-08-02 | CVE-2017-18425 | Permission Issues vulnerability in Cpanel In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). | 2.5 |
| 2019-08-02 | CVE-2017-18426 | Information Exposure Through Log Files vulnerability in Cpanel cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). | 2.7 |
| 2019-08-02 | CVE-2017-18427 | Permission Issues vulnerability in Cpanel In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). | 3.3 |
| 2019-08-02 | CVE-2017-18428 | Information Exposure vulnerability in Cpanel In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). | 2.5 |
| 2019-08-02 | CVE-2017-18429 | 7PK - Security Features vulnerability in Cpanel In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). | 3.3 |
| 2019-08-02 | CVE-2017-18392 | Improper Input Validation vulnerability in Cpanel cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). | 2.0 |
| 2019-08-02 | CVE-2017-18393 | Improper Input Validation vulnerability in Cpanel cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). | 2.7 |
| 2019-08-02 | CVE-2017-18394 | Improper Input Validation vulnerability in Cpanel cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). | 2.7 |
| 2019-08-02 | CVE-2017-18395 | Improper Input Validation vulnerability in Cpanel cPanel before 68.0.15 does not block a username of ssl (SEC-328). | 2.7 |