Vulnerabilities > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2017-18395 | Improper Input Validation vulnerability in Cpanel cPanel before 68.0.15 does not block a username of ssl (SEC-328). | 2.7 |
| 2019-08-02 | CVE-2017-18394 | Improper Input Validation vulnerability in Cpanel cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). | 2.7 |
| 2019-08-02 | CVE-2017-18393 | Improper Input Validation vulnerability in Cpanel cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). | 2.7 |
| 2019-08-02 | CVE-2017-18392 | Improper Input Validation vulnerability in Cpanel cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). | 2.0 |
| 2019-08-02 | CVE-2017-18391 | Information Exposure vulnerability in Cpanel cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). | 2.5 |
| 2019-08-02 | CVE-2017-18384 | Improper Access Control vulnerability in Cpanel cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). | 3.8 |
| 2019-08-02 | CVE-2017-18382 | Improper Input Validation vulnerability in Cpanel cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | 2.7 |
| 2019-08-01 | CVE-2018-20946 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | 3.3 |
| 2019-08-01 | CVE-2018-20944 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). | 3.3 |
| 2019-08-01 | CVE-2018-20943 | Information Exposure vulnerability in Cpanel cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | 2.5 |