Security Vulnerabilities - CVEs Published In August 2019

cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248).
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2019-08-02

cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249).
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2019-08-02

cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250).
CVSS Score: 6.3 | EPSS Score: 0.003 | Published: 2019-08-02

cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251).
CVSS Score: 6.3 | EPSS Score: 0.006 | Published: 2019-08-02

cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).
CVSS Score: 7.3 | EPSS Score: 0.006 | Published: 2019-08-02

ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for remote code execution.
CVSS Score: 8.8 | EPSS Score: 0.012 | Published: 2019-08-02

cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).
CVSS Score: 3.3 | EPSS Score: 0.001 | Published: 2019-08-02

In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).
CVSS Score: 3.3 | EPSS Score: 0.001 | Published: 2019-08-02

In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).
CVSS Score: 3.3 | EPSS Score: 0.001 | Published: 2019-08-02

In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).
CVSS Score: 3.3 | EPSS Score: 0.001 | Published: 2019-08-02