Vulnerabilities > Cpanel > Low

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2017-18424 Information Exposure vulnerability in Cpanel
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).
local
low complexity
cpanel CWE-200
3.3
2019-08-02 CVE-2017-18425 Permission Issues vulnerability in Cpanel
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).
local
high complexity
cpanel CWE-275
2.5
2019-08-02 CVE-2017-18426 Information Exposure Through Log Files vulnerability in Cpanel
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).
network
low complexity
cpanel CWE-532
2.7
2019-08-02 CVE-2017-18427 Permission Issues vulnerability in Cpanel
In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289).
local
low complexity
cpanel CWE-275
3.3
2019-08-02 CVE-2017-18428 Information Exposure vulnerability in Cpanel
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).
local
high complexity
cpanel CWE-200
2.5
2019-08-02 CVE-2017-18429 7PK - Security Features vulnerability in Cpanel
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291).
local
low complexity
cpanel CWE-254
3.3
2019-08-02 CVE-2017-18392 Improper Input Validation vulnerability in Cpanel
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).
network
high complexity
cpanel CWE-20
2.0
2019-08-02 CVE-2017-18393 Improper Input Validation vulnerability in Cpanel
cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).
network
low complexity
cpanel CWE-20
2.7
2019-08-02 CVE-2017-18394 Improper Input Validation vulnerability in Cpanel
cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).
network
low complexity
cpanel CWE-20
2.7
2019-08-02 CVE-2017-18395 Improper Input Validation vulnerability in Cpanel
cPanel before 68.0.15 does not block a username of ssl (SEC-328).
network
low complexity
cpanel CWE-20
2.7