Vulnerabilities > Cpanel > Low

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2017-18397 Permission Issues vulnerability in Cpanel
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
local
low complexity
cpanel CWE-275
3.3
2019-08-02 CVE-2017-18398 Improper Input Validation vulnerability in Cpanel
DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).
network
low complexity
cpanel CWE-20
3.8
2019-08-02 CVE-2017-18399 Permissions, Privileges, and Access Controls vulnerability in Cpanel
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).
network
high complexity
cpanel CWE-264
3.7
2019-08-02 CVE-2017-18401 Improper Input Validation vulnerability in Cpanel
cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).
network
low complexity
cpanel CWE-20
2.7
2019-08-02 CVE-2017-18404 Improper Access Control vulnerability in Cpanel
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341).
network
high complexity
cpanel CWE-284
3.1
2019-08-02 CVE-2017-18412 Information Exposure Through Log Files vulnerability in Cpanel
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).
local
high complexity
cpanel CWE-532
2.5
2019-08-02 CVE-2017-18382 Improper Input Validation vulnerability in Cpanel
cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).
network
low complexity
cpanel CWE-20
2.7
2019-08-02 CVE-2017-18384 Improper Access Control vulnerability in Cpanel
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).
local
low complexity
cpanel CWE-284
3.8
2019-08-02 CVE-2017-18391 Information Exposure vulnerability in Cpanel
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
local
high complexity
cpanel CWE-200
2.5
2019-08-01 CVE-2018-20936 Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).
local
low complexity
cpanel CWE-732
3.3