Vulnerabilities > Cpanel > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-01 | CVE-2018-20938 | Improper Access Control vulnerability in Cpanel cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). | 2.7 |
2019-08-01 | CVE-2018-20939 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | 3.3 |
2019-08-01 | CVE-2018-20940 | Race Condition vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). | 3.3 |
2019-08-01 | CVE-2018-20942 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). | 2.5 |
2019-08-01 | CVE-2018-20943 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | 2.5 |
2019-08-01 | CVE-2018-20944 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). | 3.3 |
2019-08-01 | CVE-2018-20946 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | 3.3 |
2019-08-01 | CVE-2018-20927 | Improper Authorization vulnerability in Cpanel cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | 3.8 |
2019-08-01 | CVE-2018-20932 | File and Directory Information Exposure vulnerability in Cpanel cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). | 2.7 |
2019-08-01 | CVE-2018-20893 | Improper Input Validation vulnerability in Cpanel cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442). | 2.3 |