cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137).
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60).
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66).
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85).
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29).