Vulnerabilities > Cpanel > Low

DATE CVE VULNERABILITY TITLE RISK
2019-08-01 CVE-2018-20938 Improper Access Control vulnerability in Cpanel
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).
network
low complexity
cpanel CWE-284
2.7
2019-08-01 CVE-2018-20939 Information Exposure vulnerability in Cpanel
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).
local
low complexity
cpanel CWE-200
3.3
2019-08-01 CVE-2018-20940 Race Condition vulnerability in Cpanel
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).
local
low complexity
cpanel CWE-362
3.3
2019-08-01 CVE-2018-20942 Information Exposure vulnerability in Cpanel
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).
local
high complexity
cpanel CWE-200
2.5
2019-08-01 CVE-2018-20943 Information Exposure vulnerability in Cpanel
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).
local
high complexity
cpanel CWE-200
2.5
2019-08-01 CVE-2018-20944 Information Exposure vulnerability in Cpanel
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).
local
low complexity
cpanel CWE-200
3.3
2019-08-01 CVE-2018-20946 Information Exposure vulnerability in Cpanel
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).
local
low complexity
cpanel CWE-200
3.3
2019-08-01 CVE-2018-20927 Improper Authorization vulnerability in Cpanel
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).
local
low complexity
cpanel CWE-285
3.8
2019-08-01 CVE-2018-20932 File and Directory Information Exposure vulnerability in Cpanel
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).
network
low complexity
cpanel CWE-538
2.7
2019-08-01 CVE-2018-20893 Improper Input Validation vulnerability in Cpanel
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).
local
low complexity
cpanel CWE-20
2.3