cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).
Max CVSS: 6.5; EPSS Score: 0.07%; Published: 2019-08-01; Updated: 2019-08-08
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).
Max CVSS: 3.3; EPSS Score: 0.04%; Published: 2019-08-01; Updated: 2019-08-07
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).
Max CVSS: 3.3; EPSS Score: 0.04%; Published: 2019-08-01; Updated: 2019-08-07
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).
Max CVSS: 2.5; EPSS Score: 0.04%; Published: 2019-08-01; Updated: 2019-08-09
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).
Max CVSS: 2.5; EPSS Score: 0.04%; Published: 2019-08-01; Updated: 2019-08-09
cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).
Max CVSS: 5.6; EPSS Score: 0.04%; Published: 2019-08-01; Updated: 2019-08-08
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).
Max CVSS: 3.3; EPSS Score: 0.04%; Published: 2019-08-01; Updated: 2019-08-07
cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364).
Max CVSS: 4.9; EPSS Score: 0.07%; Published: 2019-08-01; Updated: 2019-08-02
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).
Max CVSS: 5.5; EPSS Score: 0.04%; Published: 2019-08-01; Updated: 2019-08-02
cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443).
Max CVSS: 3.3; EPSS Score: 0.04%; Published: 2019-08-01; Updated: 2019-08-07
cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).
Max CVSS: 4.4; EPSS Score: 0.04%; Published: 2019-08-01; Updated: 2019-08-07
The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467).
Max CVSS: 5.5; EPSS Score: 0.04%; Published: 2019-07-30; Updated: 2019-07-31
In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).
Max CVSS: 6.5; EPSS Score: 0.07%; Published: 2019-08-05; Updated: 2019-08-12
cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).
Max CVSS: 6.8; EPSS Score: 0.07%; Published: 2019-08-05; Updated: 2019-08-12
cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239).
Max CVSS: 3.5; EPSS Score: 0.04%; Published: 2019-08-02; Updated: 2019-08-09
In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234).
Max CVSS: 7.8; EPSS Score: 0.04%; Published: 2019-08-02; Updated: 2019-08-12
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).
Max CVSS: 2.5; EPSS Score: 0.04%; Published: 2019-08-02; Updated: 2019-08-12
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).
Max CVSS: 3.3; EPSS Score: 0.04%; Published: 2019-08-02; Updated: 2019-08-06
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).
Max CVSS: 5.5; EPSS Score: 0.04%; Published: 2019-08-02; Updated: 2019-08-13
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
Max CVSS: 2.5; EPSS Score: 0.04%; Published: 2019-08-02; Updated: 2019-08-09
The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77).
Max CVSS: 6.5; EPSS Score: 0.07%; Published: 2019-08-01; Updated: 2019-08-08
cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).
Max CVSS: 6.5; EPSS Score: 0.07%; Published: 2019-08-01; Updated: 2019-08-06
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).
Max CVSS: 9.0; EPSS Score: 0.10%; Published: 2019-08-07; Updated: 2019-08-09
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).
Max CVSS: 9.0; EPSS Score: 0.10%; Published: 2019-08-07; Updated: 2019-08-09
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).
Max CVSS: 9.0; EPSS Score: 0.10%; Published: 2019-08-07; Updated: 2019-08-09