Vulnerabilities > Cpanel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2017-18393 | Improper Input Validation vulnerability in Cpanel cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). | 4.0 |
| 2019-08-02 | CVE-2017-18389 | Injection vulnerability in Cpanel cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). | 6.5 |
| 2019-08-02 | CVE-2017-18383 | Permissions, Privileges, and Access Controls vulnerability in Cpanel cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). | 4.6 |
| 2019-08-02 | CVE-2017-18382 | Improper Input Validation vulnerability in Cpanel cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | 4.0 |
| 2019-08-01 | CVE-2016-10826 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). | 6.5 |
| 2019-08-01 | CVE-2016-10821 | Credentials Management vulnerability in Cpanel In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). | 4.0 |
| 2019-08-01 | CVE-2016-10819 | Information Exposure Through Log Files vulnerability in Cpanel In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). | 4.0 |
| 2019-08-01 | CVE-2016-10818 | Permission Issues vulnerability in Cpanel cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). | 4.0 |
| 2019-08-01 | CVE-2016-10816 | Improper Input Validation vulnerability in Cpanel cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121). | 6.5 |
| 2019-08-01 | CVE-2016-10815 | Information Exposure vulnerability in Cpanel cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120). | 4.0 |