cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).
cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).
cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364).
cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).
cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443).
The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467).