cPanel before 70.0.23 allows any user to disable Solr (SEC-371).
CWE-20
CVE-2018-20869
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465).
CVE-2018-20873
cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409).
CVE-2018-20879
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444).
CVE-2018-20882
cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447).
CVE-2018-20883
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449).