cPanel: Security Vulnerabilities, CVEs, CVSS score between 2 and 2.99
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).
Max CVSS: 2.5 | EPSS Score: 0.04% | Published: 2019-08-01 | Updated: 2019-08-09
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).
Max CVSS: 2.5 | EPSS Score: 0.04% | Published: 2019-08-01 | Updated: 2019-08-09
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).
Max CVSS: 2.3 | EPSS Score: 0.04% | Published: 2019-08-01 | Updated: 2019-08-06
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).
Max CVSS: 2.5 | EPSS Score: 0.04% | Published: 2019-08-02 | Updated: 2019-08-12
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).
Max CVSS: 2.5 | EPSS Score: 0.04% | Published: 2019-08-02 | Updated: 2019-08-09
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).
Max CVSS: 2.5 | EPSS Score: 0.04% | Published: 2019-08-02 | Updated: 2019-08-12
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).
Max CVSS: 2.1 | EPSS Score: 0.05% | Published: 2019-08-02 | Updated: 2019-08-13
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
Max CVSS: 2.5 | EPSS Score: 0.04% | Published: 2019-08-02 | Updated: 2019-08-09
Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
Max CVSS: 2.6 | EPSS Score: 0.65% | Published: 2006-07-03 | Updated: 2018-10-18
9 vulnerabilities found