cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).
When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will ...
cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).
cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).
cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).
cPanel before 68.0.15 does not block a username of ssl (SEC-328).
cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).