Security Vulnerabilities - CVEs Published In August 2019
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).
CVSS Score
5.5
EPSS Score
0.0
Published
2019-08-02
IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280.
CVSS Score
5.1
EPSS Score
0.0
Published
2019-08-02
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).
CVSS Score
2.0
EPSS Score
0.003
Published
2019-08-02
cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).
CVSS Score
2.7
EPSS Score
0.003
Published
2019-08-02
cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).
CVSS Score
2.7
EPSS Score
0.002
Published
2019-08-02
cPanel before 68.0.15 does not block a username of ssl (SEC-328).
CVSS Score
2.7
EPSS Score
0.003
Published
2019-08-02
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).
CVSS Score
5.5
EPSS Score
0.001
Published
2019-08-02
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
CVSS Score
3.3
EPSS Score
0.001
Published
2019-08-02
DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).
CVSS Score
3.8
EPSS Score
0.002
Published
2019-08-02
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).
CVSS Score
3.7
EPSS Score
0.002
Published
2019-08-02