Cpanel: >> Cpanel >> 67.9999.130 Security Vulnerabilities
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).
CVSS Score
6.3
EPSS Score
0.004
Published
2019-08-02
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341).
CVSS Score
3.1
EPSS Score
0.002
Published
2019-08-02
cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345).
CVSS Score
5.5
EPSS Score
0.001
Published
2019-08-02
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).
CVSS Score
2.0
EPSS Score
0.003
Published
2019-08-02
cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).
CVSS Score
2.7
EPSS Score
0.003
Published
2019-08-02
cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).
CVSS Score
2.7
EPSS Score
0.002
Published
2019-08-02
cPanel before 68.0.15 does not block a username of ssl (SEC-328).
CVSS Score
2.7
EPSS Score
0.003
Published
2019-08-02
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).
CVSS Score
5.5
EPSS Score
0.001
Published
2019-08-02
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
CVSS Score
3.3
EPSS Score
0.001
Published
2019-08-02
DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).
CVSS Score
3.8
EPSS Score
0.002
Published
2019-08-02