Vulnerabilities > Cpanel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-01 | CVE-2018-20941 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). | 5.6 |
| 2019-08-01 | CVE-2018-20937 | Improper Authentication vulnerability in Cpanel cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | 4.3 |
| 2019-08-01 | CVE-2016-10835 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). | 4.3 |
| 2019-08-01 | CVE-2016-10832 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). | 6.5 |
| 2019-08-01 | CVE-2016-10829 | Files or Directories Accessible to External Parties vulnerability in Cpanel cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). | 6.5 |
| 2019-08-01 | CVE-2016-10827 | Cross-site Scripting vulnerability in Cpanel cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96). | 5.4 |
| 2019-08-01 | CVE-2016-10822 | Cross-site Scripting vulnerability in Cpanel cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88). | 5.4 |
| 2019-08-01 | CVE-2018-20935 | Cross-site Scripting vulnerability in Cpanel cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412). | 5.4 |
| 2019-08-01 | CVE-2018-20934 | Improperly Implemented Security Check for Standard vulnerability in Cpanel cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). | 6.5 |
| 2019-08-01 | CVE-2018-20933 | Cross-site Scripting vulnerability in Cpanel cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410). | 5.4 |