Vulnerabilities > Cpanel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2017-18438 | XXE vulnerability in Cpanel cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). | 6.5 |
| 2019-08-02 | CVE-2017-18431 | Improper Input Validation vulnerability in Cpanel cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). | 5.0 |
| 2019-08-02 | CVE-2017-18430 | Improper Input Validation vulnerability in Cpanel In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). | 4.6 |
| 2019-08-02 | CVE-2017-18426 | Information Exposure Through Log Files vulnerability in Cpanel cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). | 4.0 |
| 2019-08-02 | CVE-2017-18415 | Improper Input Validation vulnerability in Cpanel cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302). | 4.6 |
| 2019-08-02 | CVE-2017-18414 | Open Redirect vulnerability in Cpanel cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). | 5.8 |
| 2019-08-02 | CVE-2017-18413 | Permissions, Privileges, and Access Controls vulnerability in Cpanel In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299). | 4.6 |
| 2019-08-02 | CVE-2017-18411 | Improper Input Validation vulnerability in Cpanel The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285). | 4.0 |
| 2019-08-02 | CVE-2017-18410 | Improper Input Validation vulnerability in Cpanel In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284). | 4.0 |
| 2019-08-02 | CVE-2017-18409 | Improper Input Validation vulnerability in Cpanel In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283). | 4.0 |