Vulnerabilities > Cpanel > Low

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2017-18385 Improper Access Control vulnerability in Cpanel
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).
local
low complexity
cpanel CWE-284
2.1
2019-08-02 CVE-2017-18391 Information Exposure vulnerability in Cpanel
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
local
cpanel CWE-200
1.9
2019-08-01 CVE-2016-10813 Cross-site Scripting vulnerability in Cpanel
cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).
network
cpanel CWE-79
3.5
2019-08-01 CVE-2016-10822 Cross-site Scripting vulnerability in Cpanel
cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).
network
cpanel CWE-79
3.5
2019-08-01 CVE-2016-10827 Cross-site Scripting vulnerability in Cpanel
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).
network
cpanel CWE-79
3.5
2019-08-01 CVE-2018-20936 Incorrect Permission Assignment for Critical Resource vulnerability in Cpanel
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).
local
low complexity
cpanel CWE-732
2.1
2019-08-01 CVE-2018-20939 Information Exposure vulnerability in Cpanel
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).
local
low complexity
cpanel CWE-200
2.1
2019-08-01 CVE-2018-20940 Race Condition vulnerability in Cpanel
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).
local
low complexity
cpanel CWE-362
2.1
2019-08-01 CVE-2018-20942 Information Exposure vulnerability in Cpanel
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).
local
cpanel CWE-200
1.9
2019-08-01 CVE-2018-20943 Information Exposure vulnerability in Cpanel
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).
local
cpanel CWE-200
1.9