Vulnerabilities > Cpanel > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2017-18393 Improper Input Validation vulnerability in Cpanel
cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).
network
low complexity
cpanel CWE-20
4.0
2019-08-02 CVE-2017-18389 Injection vulnerability in Cpanel
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
network
low complexity
cpanel CWE-74
6.5
2019-08-02 CVE-2017-18383 Permissions, Privileges, and Access Controls vulnerability in Cpanel
cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).
local
low complexity
cpanel CWE-264
4.6
2019-08-02 CVE-2017-18382 Improper Input Validation vulnerability in Cpanel
cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).
network
low complexity
cpanel CWE-20
4.0
2019-08-01 CVE-2016-10826 Improper Authentication vulnerability in Cpanel
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).
network
low complexity
cpanel CWE-287
6.5
2019-08-01 CVE-2016-10821 Credentials Management vulnerability in Cpanel
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).
network
low complexity
cpanel CWE-255
4.0
2019-08-01 CVE-2016-10819 Information Exposure Through Log Files vulnerability in Cpanel
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).
network
low complexity
cpanel CWE-532
4.0
2019-08-01 CVE-2016-10818 Permission Issues vulnerability in Cpanel
cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124).
network
low complexity
cpanel CWE-275
4.0
2019-08-01 CVE-2016-10816 Improper Input Validation vulnerability in Cpanel
cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).
network
low complexity
cpanel CWE-20
6.5
2019-08-01 CVE-2016-10815 Information Exposure vulnerability in Cpanel
cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).
network
low complexity
cpanel CWE-200
4.0