cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).

cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).

bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354).

cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).

cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).

cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).

cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).

cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).

cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).

cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).

cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).

cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374).

cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).

cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372).

cPanel before 70.0.23 allows any user to disable Solr (SEC-371).

cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370).

cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).

In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).