Vulnerabilities > Cpanel > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-02 | CVE-2017-18397 | Permission Issues vulnerability in Cpanel cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). | 3.3 |
2019-08-02 | CVE-2017-18398 | Improper Input Validation vulnerability in Cpanel DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331). | 3.8 |
2019-08-02 | CVE-2017-18399 | Permissions, Privileges, and Access Controls vulnerability in Cpanel cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332). | 3.7 |
2019-08-02 | CVE-2017-18401 | Improper Input Validation vulnerability in Cpanel cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334). | 2.7 |
2019-08-02 | CVE-2017-18404 | Improper Access Control vulnerability in Cpanel cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | 3.1 |
2019-08-02 | CVE-2017-18412 | Information Exposure Through Log Files vulnerability in Cpanel cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296). | 2.5 |
2019-08-02 | CVE-2017-18382 | Improper Input Validation vulnerability in Cpanel cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | 2.7 |
2019-08-02 | CVE-2017-18384 | Improper Access Control vulnerability in Cpanel cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). | 3.8 |
2019-08-02 | CVE-2017-18391 | Information Exposure vulnerability in Cpanel cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). | 2.5 |
2019-08-01 | CVE-2018-20936 | Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | 3.3 |